Earlier today, I reported that the College of Eastern Idaho was notifying people of a breach after four employees fell prey to a phishing attack. Now here we are, a few hours later, and I’m reporting that Westminster College in Salt Lake City, Utah is notifying people after eleven of their employees fell prey to phishing attacks. Although the…
Category: U.S.
BevMo notifying thousands of customers after malware compromise of ecommerce site
From their template notification, submitted to the California Attorney General’s Office by Beverages & More (dba “BevMo”): Notice of Data BreachBevMo recently learned of a data incident from the ecommerce service provider that operates our website at www.bevmo.com. This incident may have affected certain customers’ payment card numbers and other information entered on the BevMo…
Four months after disclosing breach, Adams County, Wisconsin notifies HHS
Adams County, WI disclosed a breach in August that affected 258,000 and may have been an insider breach. But they only notified HHS/OCR of that breach a few weeks ago. I wonder why. There’s nothing on their site to explain the late notification.
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
US Breach Laws Are Coming: Vermont
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom…
Law firm notifies clients after backup drive stolen from lawyer’s car
I’ve often thrown up my cyber-hands in disgust at breaches that occur because people leave unencrypted PII or PHI in unattended vehicles. But sometimes, you read an incident report, and you can somewhat relate. This report by attorney Michael Koch, dba Lockhart, Britton & Koch in La Mesa, California is one of those times. From…