California Virtual Academies (CAVA) is a network of 11 publicly funded charter k-12 schools in California. Researcher Chris Vickery recently contacted DataBreaches.net after he found a database with 58,694 of their students’ records leaking. In addition to a lot of personal information on the students that was all in plain text, the leaking data included some information on student…
Category: Subcontractor
NH: Personal info of Dover volunteers mistakenly dumped
Kimberley Haas reports: Personal information for close to 160 volunteers in Dover’s school district — including their fingerprint cards and social security numbers — was “mistakenly destroyed” this fall, according to city officials. Between early September and the beginning of last month, a janitor working for S.J. Services in Danvers, Mass., bagged up numerous postmarked…
IL: Mailing error by contractor discloses ‘limited’ personal info of 3,000 Centegra patients
Stephen DiBenedetto reports: Medical bills detailing “limited” personal information of 3,000 Centegra Health System patients recently were sent to the wrong addresses because of a mailroom error at a third-party contractor, a Centegra spokeswoman said. The mailing error happened Nov. 2 at MedAssets, a Georgia-based vendor Centegra contracts, during routine maintenance. A setting on automatic…
Follow-Up: Company involved in NSUH-LIJ breach folded
In June, this site covered a breach affecting approximately 18,000 patients of North Shore-Long Island Jewish Health System. Unencrypted patient data, including SSN and clinical information, had been on five laptops stolen from Global Care Delivery, a Texas-based firm that contracted with North Shore-LIJ to process and collect payments owed by insurers to the hospital system. At the…
Oh, so THAT’s what happened, Sunday edition
Sometimes I see breaches on HHS’s public breach tool but can find no web site for the covered entity or any substitute notice online. Such was the case with an entry for “Daniel A. Sheldon, M.D., P.A.,” an orthopaedic surgeon in Florida. The breach tool entry indicated that on September 16, 2015, the doctor had…
Fashion to Figure notifying customers of payment card compromise
Fashion to Figure (B. Lane, Inc.) is notifying customers of a breach involving malware inserted on their web host’s server. The malware was reportedly inserted on the unnamed host’s server on May 19, but Fashion to Figure did not realize it until October 16, when they started investigating why a web page was loading slowly. Potentially compromised…