Cindy George reports: A “carbon copy” email sent last week from the Houston Methodist Cancer Center to patients showed the addresses of all recipients, potentially revealing their identities to the public and their association with the treatment facility. Patients were alerted about the issue by Houston Methodist in a letter dated March 16 and sent…
Category: U.S.
Oh those inadequately secured backup devices…
While I’ve been busy tracking W-2 phishing scams, let’s not lose sight of the fact that there are other ways for criminals to obtain W-2 or tax information, and that human error continues to turn assets into low-hanging fruit. Interpreters Unlimited recently notified the Vermont Attorney General’s Office that the contents of an employee’s backup device were…
Lane Community College notifies health clinic patients of potential breach
Dylan Darling reports: A virus-infected computer at the Lane Community College health clinic may have relayed patient information — names, addresses, Social Security numbers and more — to an unknown third party for more than a year, the college said Friday. LCC said it has sent letters warning 2,500 patients whose information may have been…
Neiman Marcus to settle long-running data breach litigation for $1.6m?
Law360 reports: Neiman Marcus has agreed to pay $1.6 million to resolve a data breach class action in Illinois federal court over a December 2013 cyber intrusion that revealed the credit card data of 350,000 shoppers of the luxury retailer, according to a court document filed Friday. Read more on Law360 if you have a…
Google Points to Another POS Vendor Breach – Krebs
Brian Krebs reports: For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant. A little over a…
Affiliated Santé Group learned that patient info was exposed on GitHub for years
So there was another breach disclosed in January that I didn’t find out about until today. It’s an insider-error situation involving a software developer contractor who unintentionally exposed protected health information (PHI) of 550 patients on GitHub – for more than five years. Here is Affiliated Santé Group’s notification: January 30, 2017 RE: Notice of…