Linda McGlasson reports: A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April. The proposed settlement would create a $4 million pool to pay consumers and settle the case. […] In a “fairness hearing” on April 27,…
Category: Of Note
Stolen Millennium Medical Management Resources drive contained PII and PHI on 180,111
Health records belonging to patients were stolen in a break-in at a suburban medical billing company. Patients are now being notified about the security breech (sic). Police tell ABC7 the records were on a portable hard drive and stolen from the Westmont office of Millennium Medical Management Resources. It happened back in February. The company…
(RBS follow-up) Ex-cop admits role in $4.2m ATM heist
Patsy Moy reports: Two Hong Kong men using fake bank cards produced by US-based hackers withdrew HK$4.2 million [USD $541,024.47 — Dissent] from various ATM machines in less than eight hours, the District Court heard yesterday. Cheung Hoi-wing, 40, a transport worker and former police officer, pleaded guilty to one count of conspiracy after admitting…
New breach notification requirements in effect in Canada
From the Office of the Privacy Commissioner of Alberta: Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where…
UK: Tax records ‘sold to junk mail firms’
Andrew Alderson reports: Experts fear that HM Revenue & Customs has been hit by another security breach, less than three years after it lost the details of 25 million taxpayers. Demands for an investigation come after a woman from Bedfordshire received direct mail using an incorrect surname that only appeared on an HMRC database. One…
Guernsey: Data protection law amended to include prison time
Michael Adkins of Collas Day summarizes amendments to the Data Protection (Bailiwick of Guernsey) Law. According to Wikipedia, Guernsey is a possession of the UK and not part of the UK nor part of the EU. Of particular interest to me in their amendments: Section 55(2) has been amended to offer further exemptions to people…