The monetary penalties levied against ride-sharing giant Uber for covering up a 2016 breach continue to mount. From the ICO’s office: The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. A series of avoidable data security flaws allowed the personal details…
Mercy Medical Center – North Iowa notifies 1,900 patients after insider wrong-doing discovered
Ashley Stewart reports: Mercy Medical Center–North Iowa has notified about 1,900 individuals of a potential data breach involving their health records and personal information. In notification letters mailed to affected individuals and their families Nov. 26, patients were told their protected health information may have been “inappropriately accessed by an employee between July 2017 and…
Bulgarian Prosecutors Detain Three Hackers Allegedly Involved in $5 Million Crypto Theft
Helen Partz reports: Bulgarian Gendarmerie forces and specialized prosecutors have arrested three hackers allegedly involved in stealing $5 million in crypto, Sofia-based newspaper 24 Chasa reports Monday, Nov. 26. Bulgarian police reportedly seized cryptocurrencies worth around $3 million, as well as the equipment allegedly used by the thefts, including computers, flash drives, and a hardware…
UK cops won’t go after researcher who reported security issue to York city officials
Catalin Cimpanu reports: North Yorkshire Police said today they’re not pursuing a criminal case against the researcher who found a vulnerability in a mobile app developed by the York city council. City officials had reported the researcher to police earlier this month, but North Yorkshire Police said “the researcher has acted correctly.” Read more on…
Allergy practice pays $125,000 to settle doctor’s disclosure of patient information to a reporter
From HHS, this enforcement action press release: Allergy Associates of Hartford, P.C. (Allergy Associates), has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act…
PA: Judge revives employee lawsuit against UPMC after 2014 data breach
Rachel Z. Arndt reports the latest development in litigation stemming from a 2014 data breach disclosed by the University of Pittsburgh Medical Center. Within a year, more than 800 employees had reportedly become victims of tax refund fraud/identity theft. The Pennsylvania Supreme Court last week revived an employee lawsuit against UPMC stemming from a data…