I’m not seeing any press release from NYS Attorney General Schneiderman’s office yet, but Kenneth Lovett of the NY Daily News reports that Uber has settled two probes stemming from both its “God View” privacy breach scandal and delayed notification of a breach involving drivers’ information. In addition to paying the $20,000 fine to settle both probes,…
Category: U.S.
Lack of Injury Dooms Michaels Breach Class Suit
From Bloomberg Law: Because the plaintiffs failed to demonstrate actual injuries, arts and crafts retail chain Michaels Stores Inc. Dec. 28 dodged a federal court putative class action over a data breach that compromised approximately 2.6 million payment cards. Dismissing the suit without prejudice, Judge Joanna Seybert of the U.S. District Court for the Eastern District of…
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Southern New Hampshire U. still investigating database leak exposing over 140,000 records
Steve Ragan reports: Southern New Hampshire University (SNHU) says they’re still investigating how a database containing some student and class information was exposed to the public. The database was discovered by researcher Chris Vickery shortly before Christmas. Vickery turned to Salted Hash for assistance in resolving the matter, as previous attempts to contact the university…
Washington Hospital Healthcare System notifies individuals of breach
Washington Township Health Care District (Washington Hospital Healthcare System) recently notified the California Attorney General’s Office of a breach. Their template of their notification letter was uploaded yesterday. The letter, signed by Kristin Ferguson,, Chief of Compliance, explains that the District learned on October 8th that an unauthorized individual may have gained access to a computer associated with…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…