The Federal Trade Commission is taking action against education technology provider Chegg Inc. for its lax data security practices that exposed sensitive information about millions of its customers and employees, including Social Security numbers, email addresses and passwords. Chegg allegedly failed to fix problems with its data security despite experiencing four security breaches since 2017….
Category: Subcontractor
NC: UCPS student information made vulnerable due to insufficient security protections by vendor, superintendent says
WBTV Web Staff and Nick Ochsner report: Private information of students at schools districts and charter schools across the state were left vulnerable by a software misconfiguration by a third-party vendor, Union County Public Schools Superintendent Andrew Houlihan told parents in a letter this week. According to the letter, the misconfiguration came after iLeadr, a company used…
Phishing incident may have exposed Seton patient names, clinical information
Jack Dowling reports: A vendor associated with Seton Medical Center in Harker Heights was recently the victim of a phishing incident, according to a news release from the hospital late Friday afternoon. According to the center, an unauthorized agent accessed the email accounts of two of the vendor’s employees. Read more at KDH News.
NHS vendor Advanced won’t say if patient data was stolen during ransomware attack
Carly Page reports: Advanced, an IT service provider for the U.K.’s National Health Service (NHS), has confirmed that attackers stole data from its systems during an August ransomware attack, but refuses to say if patient data was compromised. Advanced first confirmed the ransomware incident on August 4 following widespread disruption to NHS services across the U.K. The attack…
Retirement plan participants urge judge not to dismiss Horizon Actuarial Services data breach class action
Abraham Jewett reports that a group of Horizon Actuarial Services retirement plan participants are trying to save their proposed class action lawsuit from dismissal by a judge. The litigation stems from a ransomware incident in November 2021. The proposed class of more than 2 million Horizon retirement plan participants argue that the data breach was…
Eventus WholeHealth notifies patients of breach
Eventus WholeHealth, PLLC (“Eventus”) provides integrated primary care and mental health services to medically vulnerable adults. In a press release issued this week, they disclose a breach involving protected health information. “On June 1, 2022, we observed suspicious activity associated with a single Eventus email account, despite multifactor authentication on the account.” Comment: That statement…