Michael Dresser reports: The state Board of Public Works approved a contract worth an estimated $2.6 million Wednesday for a firm to monitor the credit activity of an estimated 300,000 people whose personal information was exposed as a result of a computer security breach discovered at the University of Maryland early this year. The board…
Category: U.S.
Massage school data breach may rub alumni the wrong way
Six hundred and eighty-three Maryland residents who are alumni of the Baltimore School of Massage (BSOM) and Baltimore School of Massage’s Steiner Institute of Esthetics are being offered three years of free credit monitoring, identity protection, and identity theft restoration services following on email error that exposed their information. On June 17, an employee accidentally…
FERPA does not require data breach disclosure
Over on PogoWasRight.org, I’ve recapped the U.S. Education Department’s responses to privacy complaints filed by parent and students under the Family Educational Rights and Privacy Act (FERPA). In going through the data provided to EPIC in response to their Freedom of Information Act request, I noted that in a few cases, the Family Policy Compliance…
Aloha point-of-sale terminal, sold on eBay, yields security surprises
Breaches involving point of sale (POS) systems in retail stores and the hospitality sector are all-too-common, and Aloha POS has been mentioned on this blog in some past breaches. Now Jeremy Kirk reports: Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal — a brand of computerized cash register…
Ex-Wheaton worker gets 7 years in identity theft case
Sarah Maslin reports: Janice M. Nieman stole the identities of more people than could fit in Milwaukee County Circuit Judge Glenn Yamahiro’s courtroom on Friday. The total: 848, the largest number of victims in a single defendant case in Milwaukee County history. For embezzling more than $1 million from Wheaton Franciscan Services, a not-for-profit health…
DEI notifies clients after third party web host notifies them of two breaches
Dennis East International (DEI) reports that its website, which is hosted by Omeganet of Georgia (a/k/a/ CAMEO EZ) experienced two recent security breaches. The first incident affects some customers (who are all retailers) who placed orders on DEI’s website between June 1 and June 13 of this year. Omeganet informed DEI that some customers may…