Uh oh. Any consumer notification template that reports a breach due to malware injection on the web host’s server and/or includes [INSERT SITE NAME HERE] doesn’t bode well, especially when the compromise lasted for more than three months before being detected. See Cyberswim‘s template notification letter, here (pdf). I don’t see any notification on their web site…
Category: Subcontractor
UIL Holdings notifies customers after laptop stolen from vendor’s employee
UIL Holdings in Connecticut is notifying customers of a breach involving one of their vendors. The contractor is not named in their notification letter of September 30, which begins: We are writing to inform you of an incident that involved your personal information. On or about September 13, 2014, a thief stole a laptop computer…
Bay Area Bioscience Association (BayBio) notifies online customers of breach
The following notification template was submitted to the California Attorney General’s Office yesterday: Dear BayBio Customer, It has come to our attention that sometime within the past two weeks the security of our online payment system was breached. We believe an intruder inserted files that captured the keystrokes of our visitors and may have captured credit…
USIS offers DHS employees credit monitoring after breach
Andy Medici reports: The contractor responsible for a cyber breach that exposed the personal information of 27,000 Department of Homeland Security employees is now giving credit monitoring services to affected employees. Read more on Federal Times.
More details start to emerge about Summit County Fair breach
Thanks to some solid reporting by David Burger, we now have some more details about the Summit County Fair data breach reported previously on this blog: The Federal Bureau of Investigation has joined the Summit County Sheriff’s Office in investigating a security breach that resulted from a third-party vendor selling tickets to two events at…
Third-party vendor in Goodwill breach identified
idRADAR.com has uncovered an important detail in the Goodwill Industries breach – the identity of the third-party vendor. They report that it’s C&K Systems. Read more on idRADAR.com.