Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Category: U.S.
Data breach at military resort in Germany leaves soldiers open to identity theft
Martin Egnash reports: The Armed Forces Recreation Center Edelweiss Lodge and Resort is investigating a data breach that left some guests open to identity theft. At least 18 guests — primarily soldiers and retirees — who stayed at the resort between November 2017 and February 2018 reported that their credit cards were misused after their…
ID theft suspect had medical records, personal information of 100+ people, police say
WAVE3 reports: A man pulled over for allegedly driving a stolen car is facing a host of other charges. Andrew Davis was pulled over in a stolen car and what the arresting officers found during the search of the vehicle led to a total of 13 charges, according to Davis’ arrest report. Found in the…
Chesapeake Regional Healthcare notifies 2,100 sleep center patients of medical record breach
Elizabeth Simpson reports: Chesapeake Regional Healthcare is notifying 2,100 patients from the hospital’s sleep center program that some of their electronic health information might have been compromised. Two portable hard drives were reported missing from the hospital’s sleep center on Feb. 6, which prompted contacting law enforcement, according to a Friday news release from the…
Oregon Amends Data Breach Notification and Information Security Laws
David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor. A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…
South Dakota Enacts Breach Notification Law
Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…