Lawyers for Twin America LLC (d/b/a CitySights NY) have notified the New Hampshire Attorney General’s Office that an SQL injection attack on their client’s web server resulted in the acquisition of 110,000 customers’ credit card data. The security breach was discovered on or about October 25, when the firm’s web programmer noticed that unauthorized script…
Category: Of Note
Ohio State notifies 760,000 of unauthorized access to university server
Earlier this year, Ohio State University (OSU) noted that they had been averaging about data breaches per year, usually minor, but involving SSN. Yesterday, they revealed another breach. I’m not sure how you try to minimize access to a server containing PII on 760,000 people or a finding that your server was used to launch…
Do Walgreens, McDonald’s, and deviantART breaches have common point of compromise? (updated)
Dan Goodin reports: FBI agents looking into the theft of customer data belonging to McDonald’s are investigating similar breaches that may have hit more than 100 other companies that used email marketing services from Atlanta-based Silverpop Systems . “The breach is with Silverpop, an email service provider that has over 105 customers,” Stephen Emmett, a…
Starbucks May Be Aren’t Liable for Workers’ ID Theft Risk (updated)
Tim Hull reports the latest on a lawsuit that stemmed from a case involving a stolen laptop in 2008: Starbucks employees whose personal information was stolen with a company laptop can sue the coffee kahuna for negligence, the 9th Circuit ruled Tuesday. About 97,000 current and former Starbucks employees were exposed to identity theft in…
Judge Won’t Alter Award in Equifax ID Theft Case
Maria Dinzeo reports the latest development in what is probably one of the most well-known ID theft cases: A cancer survivor who won more than $1 million from Equifax for improperly handling his identity theft report can keep the full award, a federal judge ruled. U.S. District Judge Susan Illston rejected the credit reporting agency’s…
Data Breach Investigation | Due Process of Law
The following is cross-posted from PHIprivacy.net: In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part: The California Legislature made clear it wants notices to be issued quickly. However,…