Tipton County Schools was one of the first districts to reveal that an employee had fallen for a W-2 phishing scheme this year. Now the district is being sued by its employees, it seems. Courthouse News reports: Employees of a rural Tennessee county’s school system claim in a $19 million federal class-action lawsuit that their…
Category: Phishing
Iowa Veterans Home warns nearly 3,000 of data breach after phishing incident
In February 2017, Google and the State of Iowa were the target of multiple phishing email campaigns. The Office of the Chief Information Officer (OCIO) and the Iowa Veterans Home jointly responded and coordinated the recovery of the incident and worked together to implement additional measures to prevent a similar occurrence in the future. We…
Cleveland Metropolitan School District discloses phishing-related incident
Cleveland Metropolitan School District, (“CMSD”), recently discovered an event that that may affect the security of personal and financial information of a select group of employees, students, their guardians, and/or other affiliates of CMSD. What Happened? On March 6, 2017, CMSD determined that certain categories of employee, student, and/or guardian information contained in a limited…
Metro Community Provider Network settles HHS breach charges for $400,000 and corrective action plan
HHS announced another settlement today. This one stemmed from a 2011 incident that was previously covered on this site. Once again, the take-home message is that you need to do a risk assessment, and you need a risk management plan commensurate with your risk assessment. In this case, there was no prior risk assessment, and…
Phishing scam diverts more than $40K from Denver Public Schools
Michael Konopasek reports: A computer hacking scam has made $40,000 of direct deposit money for Denver Public Schools employees disappear. Internet thieves are suspected of stealing the funds that were intended to pay the school district staff Read more on Fox31. Sadly, it appears that despite the district’s training/awareness efforts, at least 30 employees fell…
Virginia Adds Notification Requirements for Payroll Incidents to Breach Law
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…