Cleveland Metropolitan School District, (“CMSD”), recently discovered an event that that may affect the security of personal and financial information of a select group of employees, students, their guardians, and/or other affiliates of CMSD. What Happened? On March 6, 2017, CMSD determined that certain categories of employee, student, and/or guardian information contained in a limited…
Category: Phishing
Metro Community Provider Network settles HHS breach charges for $400,000 and corrective action plan
HHS announced another settlement today. This one stemmed from a 2011 incident that was previously covered on this site. Once again, the take-home message is that you need to do a risk assessment, and you need a risk management plan commensurate with your risk assessment. In this case, there was no prior risk assessment, and…
Phishing scam diverts more than $40K from Denver Public Schools
Michael Konopasek reports: A computer hacking scam has made $40,000 of direct deposit money for Denver Public Schools employees disappear. Internet thieves are suspected of stealing the funds that were intended to pay the school district staff Read more on Fox31. Sadly, it appears that despite the district’s training/awareness efforts, at least 30 employees fell…
Virginia Adds Notification Requirements for Payroll Incidents to Breach Law
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…
Washington University School of Medicine hit by phishing attack, patient info may have been accessed
KSDK reports: A third party may have gained unauthorized access to patient information — including names, birth dates and social security numbers — after a phishing attack at Washington University’s medical school. A post on the Washington University School of Medicine website said an employee fell for a phishing email designed to look like an official request…
Coastal Carolina University works to recover money stolen in phishing scam
Lisa Gresci reports: Coastal Carolina University continues to work to recover money that was stolen from the college in a phishing scam. A release from CCU stated an individual who claimed to represent a company under contract with the university contacted its financial services via email and requested to change the company’s bank account information….