If you follow HHS’s public breach tool and investigations closely, two reports from the Office of the Inspector General (OIG) finding lax oversight and insufficient follow-up will come as no surprise. Susan Hall of FierceHealthIT has a good recap: The former report was based on reviews of a statistical sample of privacy cases investigated by OCR between September…
Category: U.S.
Watchdog: Top Secret Service official wanted information about Chaffetz made public
Shades of J. Edgar and dirty politics! I’m classifying this as a privacy breach and also an infosec breach as these data were supposed to be protected. Carol D. Leonnig and Jerry Markon report: The Secret Service’s assistant director urged that unflattering information the agency had in its files about a congressman critical of the service should be made public,…
Chase Can’t Dodge $10M Identity Theft Suit
Rose Bouboushian reports: Chase Bank must face identity theft claims for employees who let money launderers use a customer’s dormant accounts in a Medicare fraud scheme, the Second Circuit ruled Wednesday. Yelena Galper sued JP Morgan Chase Bank N.A. in New York state court in May 2013, claiming several of its employees accepted bribes to…
Payment processor YapStone sued over vacation rental payments data breach
From the well-that-was-quick dept.: Last week, this site reported that YapStone (VacationRentPayments) was notifying property managers and others who use their service to receive vacation rental payments that personal information in their account applications was compromised by unauthorized persons. Yesterday, Law360 reported that a New Jersey customer has filed a lawsuit against them in California federal court accusing YapStone of…
Is This Journalist Guilty of Low-Level Vandalism, or High-Damage Hacking?
The case of the former Reuters employee accused of involvement in hacking the L.A. Times has finally gone to trial. Sarah Jeong reports: A defense lawyer for Matthew Keys, a journalist charged with helping Anonymous “hack” the LA Times website, told a jury on Tuesday that his client was not guilty because he neither intended to cause…
Court denies Schnuck Markets’ motion to dismiss claims arising out of point-of-sale data breach
Ryan M. Martin of Winston & Strawn LLP writes: The U.S. District Court for the Southern District of Illinois recently denied the retail grocery chain Schnuck Markets’ motion to dismiss various claims arising from a December 2012 data breach in which hackers gained access to Schnucks’ credit/debit card processing systems. By mid-March 2013, both customers’ banks and Schnucks’…