On March 19, Calvert Internal Medicine in Maryland notified current and former employees of a computer compromise that may have exposed their Social Security numbers to misuse. A copy of their notification was sent to the Maryland Attorney General’s Office. From reading their description of the breach, it seems that ADP failed to restore a…
Category: Subcontractor
Are TerraCom and YourTel the poster children for how NOT to respond to a breach?
Isaac Wolf reports: A month ago, two phone carriers participating in a federal benefit program were alerted that sensitive customer records, including Social Security numbers and bank-account records, were freely posted online. Now, Oklahoma-based TerraCom Inc. and affiliate YourTel America Inc. — the companies that collected the records — say they don’t plan to notify…
Data breach puts DHS employees at risk of identity theft
Jason Miller reports: Tens of thousands of current and former Homeland Security Department employees are at risk of identity theft after officials discovered a vulnerability in the vendor’s system for processing background investigations. All DHS employees working in the headquarters office, for the Customs and Border Protection and for the Immigration and Customs Enforcement components…
Blaming the discoverer of a breach probably not a wise move
More on the Lifeline breach involving TerraCom and its affiliate YourTel America: Scripps Howard News Service has its report on the breach here, and has also published a companion piece with video of how they discovered the breach. As reported previously, Scripps reports that when notified of the leak, TerraCom had accused Scripps of accessing…
TerraCom notifies 150,000 Lifeline applicants after breach
Here’s a breach I didn’t see in the media but first learned of from the Wisconsin Office of Privacy Protection. According to that office, on April 26, 2013, TerraCom, a wireless learned of a security breach involving unauthorized access to personal data and downloaded files related to over 150,000 individuals. The data was stored on…
Two years after a vendor is hacked, OneWest Bank notifies customers
OneWest Bank has been notifying customers of a breach that occurred back in 2011. According to their letter, a copy of which they submitted to California under the state’s breach reporting requirements, the bank recently learned that one of our service providers, was the victim of an illegal and unauthorized intrusion into its network (“Network…