Zack Whittaker reports: Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company…
Category: U.S.
Nigerian Man Sentenced to Three Years in Prison for Computer Hacking Scheme that Targeted Government Employees
Almost one year after a Nigerian national was extradited from Canada and charged with defrauding vendors of office products by “phishing” e-mail login information from government employees, Olumide Ogunremi, a/k/a “Tony Williams,” was sentenced in federal court in Newark. The sentence was announced by the U.S. Attorney’s Office for the District of New Jersey. Ogunremi…
HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
A second big settlement from HHS this week (you can find the first one here). HHS’s press release concerning a case that was previously reported on this site in 2014 follows. The incident also resulted in a class action lawsuit that was settled in 2019. CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the…
AL: St. Clair County is latest victim of cyberattack
WBRC reports: St. Clair County Commission Chairman Paul Manning said the county is a victim of a cyberattack, but no data has left the system. Manning said on September 21, 2020, around 7:00 p.m., St. Clair County was the target of the cyberattack. The county immediately began taking actions to mitigate and remediate any hardware…
Spokane health district apologizes for accidental disclosure of personal health info
Megan Carroll reports: The Spokane Regional Health District is apologizing on Monday after it accidentally disclosed personal health information to a partner agency. According to a press release, SRHD discovered the unauthorized disclosure to Northeast Washington Educational Service District 101 on Tuesday, Sept. 8. Recipients included school administrations and nursing staff. Read more on KREM.
Montefiore employee terminated after data breach affected up to 4,000 patient records
Jeff Lagasse reports: On Friday, Montefiore Medical Center alerted patients that a former employee had recently stolen personal information from roughly 4,000 patient records, which led Montefiore to terminate the employee upon learning of the security breach and potential identity theft. Read more on Healthcare Finance. Their story appears to have a typo in it, though: the…