Today, Experian disclosed another data breach. This one affected 15 million customers of T-Mobile USA, for whom Experian hosts consumer data used for credit checks for new accounts. In tweeting my frustration about this latest incident, @emptywheel suggested I post the complaint I filed with the FTC about Experian in 2012. After some thought, I’ve decided…
Category: U.S.
Experian’s servers hacked; 15 million T-Mobile USA customers affected (UPDATED)
There’s been another data breach involving Experian, it seems, although this one didn’t involve their credit reporting database. Instead, it involved data Experian houses for T-Mobile USA. In a letter to affected T-Mobile USA customers, Experian CEO Craig Boundy writes: I am writing to let you know of an incident that occurred involving T‐Mobile USA data housed…
Reports slam OCR’s poor oversight of HIPAA covered entities, breach followup efforts
If you follow HHS’s public breach tool and investigations closely, two reports from the Office of the Inspector General (OIG) finding lax oversight and insufficient follow-up will come as no surprise. Susan Hall of FierceHealthIT has a good recap: The former report was based on reviews of a statistical sample of privacy cases investigated by OCR between September…
Watchdog: Top Secret Service official wanted information about Chaffetz made public
Shades of J. Edgar and dirty politics! I’m classifying this as a privacy breach and also an infosec breach as these data were supposed to be protected. Carol D. Leonnig and Jerry Markon report: The Secret Service’s assistant director urged that unflattering information the agency had in its files about a congressman critical of the service should be made public,…
Chase Can’t Dodge $10M Identity Theft Suit
Rose Bouboushian reports: Chase Bank must face identity theft claims for employees who let money launderers use a customer’s dormant accounts in a Medicare fraud scheme, the Second Circuit ruled Wednesday. Yelena Galper sued JP Morgan Chase Bank N.A. in New York state court in May 2013, claiming several of its employees accepted bribes to…
Payment processor YapStone sued over vacation rental payments data breach
From the well-that-was-quick dept.: Last week, this site reported that YapStone (VacationRentPayments) was notifying property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons. Yesterday, Law360 reported that a New Jersey customer has filed a lawsuit against them in California federal court accusing YapStone of…