From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND …
Italy’s DPA Fines Data Processor for Information Security Failures
Odia Kagan of FoxRothschild writes: Caveat Data Processor. Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures. Service providers should ensure that the data entrusted to them by their data controller customers is adequately protected. Read more on Privacy…
Phishing threats results in safety measures from Ohio University
Abby Miller reports: Ohio University has implemented multiple safety measures in order to decrease the amount of phishing email attacks against OU faculty and students. The first security updates were implemented on March 9, which were a part of OU’s bigger plan to increase its security measures, according to its website. The changes were put…
The 2018 Internet Crime Report is out: a first glance
The The FBI’s Internet Crime Complaint Center (IC3) 2018 Internet Crime Report has been released. The report includes information from 351,936 complaints of suspected Internet crime, with reported losses in excess of $2.7 billion. Here’s a spoiler alert, as I haven’t had time to read the entire report yet. From their summary: This past year,…
NJ: Ronald Snyder, M.D., Notifies patients after ransomware incident
From a press release by pediatric orthopedic surgeon Ronald Snyder, M.D.: April 18, 2019 /PRNewswire/ — On April 18, 2019 Ronald Snyder, M.D., (“Dr. Snyder”), announced a recent event that may have impacted the privacy of personal information relating to certain individuals. While Dr. Snyder is unaware of any attempted or actual misuse of personal information…
Bodybuilding.com experiences data security incident
CBS2 reports: Bodybuilding.com announced Friday that some of their employment-related information may have been accessed in a data security incident. The possible information accessed could have been group health plan subscriber information, such as protected health information of certain employees and former employees. “While the Company has no evidence that personal information was accessed or…