Shelburne Country Store in Shelburne, Vermont, will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but…
Category: Of Note
NJ district court certifies two issues for interlocutory appeal in FTC v. Wyndham
In April, Judge Esther Salas denied Wyndham’s motion to dismiss the FTC’s complaint stemming from what the FTC alleges were unreasonable data security practices that put consumers at risk of harm. The FTC’s complaint was brought under Section 5 of the FTC Act, and Wyndham had challenged their authority to enforce data security as well as their…
Radiologist bypasses billing system computer security and acquires 97,000 patients’ info from NRAD Medical Associates – Update 4
Posting this here temporarily as phiprivacy.net is experiencing some problems. Usually when I see an envelope from NRAD Medical Associates, P.C. in my mail, it concerns a radiology bill or insurance matter following services there. But today, I opened the envelope to find a breach notification. Their notification, signed by their president, vice-president, and secretary-treasurer, begins with the now somewhat…
NYC parents of school children: wake up and speak up to protect your child’s information!
Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so. If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed…
Canada: Stolen Customer Data Results In Ontario’s First Certified Privacy Class Action
Michael J. Paris of Bennett Jones LLP writes: Businesses that collect personal information have an added incentive to monitor employees handling customer data – Ontario’s first class action arising from the new tort of “intrusion upon seclusion” was certified last week.1 In Evans v Bank of Nova Scotia, the plaintiffs sought to certify a class action…
Privacy advocate files complaint with FTC over Maricopa County Community College District data breach
The 2013 breach at Maricopa County Community College District (MCCCD) in Arizona affected approximately 2.5 million faculty, staff, vendors, and students, making it the largest breach involving student information ever reported by a U.S. institution of higher education. A complaint by this privacy advocate alleges violations of the Safeguards Rule. Having researched and reported on breaches for about…