Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server. Another week, another infosecurity failure that exposed oodles of personal information. This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how…
Category: Subcontractor
NC: Charlotte-Mecklenburg Schools notifies 7,600 job applicants of privacy breach
Adam Bell reports: Charlotte-Mecklenburg Schools has notified about 7,600 job applicants that their personal information, including Social Security numbers, was shared with an outside contractor without their consent. […] In a statement Tuesday morning, CMS said that one of its employees entered into an agreement with a vendor prior to obtaining proper authorization, and that resulted…
CVS confirms customer data stolen in PNI Digital Media attack (updated)
There’s an update to the PNI Digital Media breach that affected the online photo centers for major retailers such as CVS, Costco, Walmart, RiteAid, Sam’s Club. The breach was first disclosed over the summer, but now AP reports that investigators for CVS have not only confirmed the hack, but some customers’ information may have been…
DoD Issues Interim Rule For Contractors on Incident Reporting and Cloud Computing Services
Joe Lazzarotti writes: Government contractors have a wide range of unique challenges (find out more about these here), not the least of which is data security. A good example is the interim rule the Department of Defense (DoD) issued last month that implements sections of the National Defense Authorization Act for Fiscal Years 2013 and…
UK: Bank details of thousands of Lloyds’s customers stolen from insurer
Hilary Osborne reports: Bank details of thousands of Lloyds Premier account customers have been taken from an insurer, and customers have been warned to take out cover against fraud. Some Premier Banking customers who had emergency cover from Royal Sun Alliance (RSA) through their paid-for accounts between 2006 and 2012 have been told that personal…
What did CSU do to verify vendors’ data security – and what might FTC do?
When California State University decided to purchase a We End Violence program, Agent of Change, they reportedly did consider data security. The Press-Telegram reports: Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of…