Joshua Miller reports: A data mix-up on a state tax portal inadvertently made private data from about 16,500 business taxpayers viewable to other companies, potentially even competitors. The breach lasted from Aug. 7, 2017, through Jan. 23, 2018, and allowed some companies to view other business’s names, federal employer identification numbers, tax payments, and other…
Category: U.S.
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
This time, students’ records left behind
Barb Ickes writes: The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox. I didn’t read it. Finding it in my email felt wrong enough. But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost…
KY: Livingston County Schools teachers, staff fear identity theft
Blake Stevens and Randall Barnes report: Many teachers, bus drivers, custodians, and other school staff in Livingston County fear their identities may have been stolen. Superintendent Victor Zimmerman apologized Monday night for unknowingly posting payroll information with social security numbers on the Livingston County school district’s website. The breach was part of an attachment for…
Idaho Transportation Department email hack may have exposed truckers’ private information
EIN reports: A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposed the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. State Information Security Director Jeff Weak said ITD’s Division of Motor Vehicles has identified and notified about 140 individuals and…
AMP Global Clearing LLC fined for lax security
A monetary penalty resulted from a misconfigured backup uncovered by Chris Vickery, who was then with Kromtech Security. It was reported publicly in April, 2017 by a number of outlets, including The Daily Dot. This was one of those cases where a vendor’s mistake turned out to be costly. The Commodity Futures Trading Commission (CFTC)…