NEW YORK – New York Attorney General Letitia James secured $300,000 from Sports Warehouse Inc. (Sports Warehouse), an online sporting goods retailer for failing to protect 2.5 million consumers’ personal data. Sports Warehouse, which owns the online sporting goods websites Tennis Warehouse, Running Warehouse, Skate Warehouse, and Tackle Warehouse, had poor data security that left it…
NHS data breach: trusts shared patient details with Facebook without consent
It seems that the Meta pixel issue that made headlines in the U.S. last June may first be hitting the NHS in the UK. Shanti Das reports: NHS trusts are sharing intimate details about patients’ medical conditions, appointments and treatments with Facebook without consent and despite promising never to do so. An Observer investigation has uncovered a covert tracking…
Infostealers: a threat that is still largely (too) stealthy
In September, Britton White and PogoWasRight.org teamed up to produce an explainer and caution about infostealers that was oriented to the public. Our article, Redline: Storing Passwords in your Browser Can Ruin Your Life (But Will Make Criminals VERY Happy!) included cautions about employees who work from home and who might have their login credentials…
Defiant Johns Hopkins doctor testifies she shared private patient records because she feared Russia
Mike Hellgren reports: Defense attorneys for the two Maryland doctors accused of providing the private medical records of patients to help the Russian government rested their cases on Friday afternoon. The lawyer for Johns Hopkins anesthesiologist Dr. Anna Gabrielian only called his client to the stand in her own defense. The lawyer for her husband,…
As people headed out for the holiday weekend, breaches of protected health information were being disclosed. (2)
Update: The MCNA (Managed Care of North America) incident was reported to the Maine Attorney General’s Office as affecting a total of 8,923,662 people. Update 2, May 29: This incident was claimed by LockBit in March and data were leaked in April, but the data dump URLs were not working as of last check yesterday….
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…