So an employee engaged in naughty (illegal) conduct with respect to some of the customers’ accounts, and now you have to notify all customers whose data he may have accessed in the normal course of his duties? That’s what happened to Golden 1 Credit Union. From their notification template: We are writing to inform you of a…
East Bay Perinatal Medical Associates notifies patients after patient list discovered on employee’s laptop (updated)
What may have been an innocent, but improper, storage of PHI on an employee’s personal laptop has led to a breach notification by East Bay Perinatal Medical Associates. The only thing that might seem a tad concerning is that the breach was discovered by police who were apparently investigating an unrelated matter. The employee was not…
900,000 Online and phone customers affected by Hanes hack
Richard Craver reports: Hanesbrands Inc. said Wednesday that a customer order database was breached by a hacker in June, compromising information for about 900,000 online and telephone customers. The hacker gained access to general customer information through the company’s website by posing as a “guest” customer checking an order, meaning they weren’t registered on the…
South Korea: Major health data breach hits sector ‘weak’ in compliance
Rocio Galeote has more on the case in South Korea that involves the allegedly illegal sale of prescription information to IMS Health Korea and the transfer of that info to IMS Health in the U.S., etc. The breach impacts 43 – 44 million Koreans. I still haven’t seen anyone name the systems developer who’s also charged…
Feds: Iranian hacker targeted Vermont aerodynamics firm
Mike Donaghue reports: A university student from Iran hacked into the computer system of a Vermont aerodynamics company to steal millions of dollars worth of software, according to federal authorities. Nima Golestaneh, who will celebrate his 30th birthday Thursday behind bars, has pleaded not guilty to a six-count indictment. Read more on USA Today.
UK: Community Transport (Brighton,Hove & Area) Ltd signs undertaking after ICO investigation reveals data protection deficiencies
The Information Commissioner (ICO) was informed on February 12, 2015 that a removable hard drive containing personal data had been taken home by a member of staff and that the employee had subsequently failed to return it. The removable hard drive contained a back-up of Community Transport Ltd’s customer database, which contained 4,138 individual records….