Breaches involving point of sale (POS) systems in retail stores and the hospitality sector are all-too-common, and Aloha POS has been mentioned on this blog in some past breaches. Now Jeremy Kirk reports: Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal — a brand of computerized cash register…
Category: Of Note
Mark your calendars: House Oversight hearing on FTC Section 5 Authority
The House Committee on Oversight and Government Reform will be holding a hearing next Thursday morning, July 24: The Federal Trade commission and Its Section 5 Authority: Prosecutor, Judge, and Jury No details are available yet as to who the witnesses will be, so check back next week. Those interested in the topic may wish…
Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach
Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but…
NJ district court certifies two issues for interlocutory appeal in FTC v. Wyndham
In April, Judge Esther Salas denied Wyndham’s motion to dismiss the FTC’s complaint stemming from what the FTC alleges were unreasonable data security practices that put consumers at risk of harm. The FTC’s complaint was brought under Section 5 of the FTC Act, and Wyndham had challenged their authority to enforce data security as well as their…
Radiologist bypasses billing system computer security and acquires 97,000 patients’ info from NRAD Medical Associates – Update 4
Posting this here temporarily as phiprivacy.net is experiencing some problems. Usually when I see an envelope from NRAD Medical Associates, P.C. in my mail, it concerns a radiology bill or insurance matter following services there. But today, I opened the envelope to find a breach notification. Their notification, signed by their president, vice-president, and secretary-treasuresr, begins with the now somewhat…
NYC parents of school children: wake up and speak up to protect your child’s information!
Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so. If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed…