On July 23, a break-in at First Federal Bank of Florida in Jacksonville resulted in the loss of computer equipment containing a wealth of unencrypted customers’ information provided for mortgage loan applications. Personal information included the customers’ names, addresses, dates of birth, Social Security numbers, mothers’ maiden names, credit card numbers, bank account numbers, and driver’s…
Category: U.S.
HHS submits its annual report to Congress on breaches
The U.S. Department of Health and Human Services Office for Civil Rights has submitted its mandated report to Congress on breach reports it has received. The report covers incidents reported between September 23, 2009 (the date the breach notification requirements became effective), and December 31, 2010. Here are some of the highlights of the report:…
North Carolina psychologist settles state charges for dumping patients’ records, agrees to pay $40,000
The following press release from North Carolina Attorney General Roy Cooper is a follow-up to a breach previously covered on PHIprivacy.net: Dr. Ervin Batchelor of the Carolina Center for Development and Rehabilitation in Charlotte has paid $40,000 for illegally dumping files containing patients’ financial and medical information, Attorney General Roy Cooper announced Wednesday. “Any business you entrust with your information has a…
Santa Clara dental worker steals patient info, lands in prison
Mike Rosenberg reports: A former employee at a San Jose dental office will spend four years in prison for stealing personal information from patient records to create credit card accounts he used to buy Gucci watches and flat-screen TVs, authorities announced Tuesday. Nick Luu and five other members of an identity theft ring defrauded at least…
OH: Candidate for world’s dumbest criminal pleads guilty to attempting to extort Xavier University
It’s not that often that we find out about extortion attempts related to data breaches, so when we do, I try to follow up on them. Here’s a follow-up to an extortion attempt involving Xavier University that I previously covered on this blog. Kimball Perry reports on a very poorly executed crime: Recently released from…
(Update and Commentary): Why are states withholding the names of breached entities?
Yet another recent press release – this one from the U.S. Attorney’s Office in Connecticut – shields the name of the breached entity: David B. Fein, United States Attorney for the District of Connecticut, announced that NATASHA SMITH, 25, of Georgia, formerly of Far Rockaway, New York, waived her right to indictment and pleaded guilty yesterday,…