From the add-this-to-the-list-of-concerns-about-Samsung dept. Matt Metzger writes: About four months ago, I ordered a new TV directly from Samsung’s online store. A few days later, I received a tracking link via email. http://www.agsystems.com/listhawb.asp?searchtype=hawb&searchvalue=1138977 Reusing Tracking Numbers When I first received the link, it showed an order that wasn’t my own. I assumed there was some sort of…
Category: Subcontractor
UK: ‘43,000 individuals’ possibly affected after ABTA web server hacked
TTG reports: The organisation said today it had become aware of “unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability”. The web server is managed for Abta through a third-party web developer and hosting company. “The infiltrator exploited that vulnerability to access data provided by some customers of Abta…
NZ: Patient data system disabled after problem discovered
Eileen Goodwin reports: A new patient information system used by general practitioners had to be disabled yesterday because of a risk of data breach. The Otago Daily Times learned about the situation in a leaked email to southern GP practices. The patient information system has been introduced over the past couple of months to many GP practices…
Summit Reinsurance issues notice of breach discovered in August
Regular readers will realize that I’ve been reporting on the Summit Reinsurance breach since it first appeared in a covered entity’s disclosure back in November. Since then, I’ve been compiling and/or reporting on other entities affected by the ransomware attack that they discovered August 8, 2016. So seven months after discovery, they are first issuing a public…
VCU Health System notifies 2,700 of inappropriate access to their medical records
The Richmond Times-Dispatch reports: Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes. The breach was found Jan. 10…
Brand New Day notifies 14,005 members after breach at vendor
From their press release of March 10: Universal Care, Inc. dba Brand New Day (BND) announced today that it has notified individuals related to a privacy incident involving information stored by a third-party vendor. The incident did not involve information that was stored or maintained on BND’s own systems. On December 28, 2016, BND learned…