It seems that Walgreens had an insider breach at their Harford Rd., Baltimore store. On November 27, they reported to the the Maryland Attorney General’s office that a pharmacy employee had been accessing misusing customers’ credit card numbers. Eight Maryland residents were affected. Walgreens learned of the breach on November 4, terminated the employee, and…
Details emerge on Hospital for Special Surgery breach
On November 15, I reported on some updates to HHS’s breach tool. One of the entries I wrote was: The Hospital for Special Surgery in New York reported that 537 patients had PHI stolen on March 19, although it’s not clear from HHS’s log whether the data were stolen from a computer or if the computer itself…
Affinity Gaming announces breach affecting all 11 casinos; fraudulent charges reported
It’s just hitting the media today that Affinity Gaming was hit by a cyberattack earlier this year that affected customers at its 11 casinos. They were alerted to the breach by the FBI in October, and the critical period for data compromise is March 14 – October 16. Here is the relevant parts of their announcement…
W.J. Bradley Mortgage Capital notifies clients after employee took their information to her new employer
Some companies shield others’ names in their breach notifications. Others are not averse to naming names. Consider this breach notification from W.J. Bradley Mortgage Capital: The purpose of this letter is to notify you of a breach of some personal information that you disclosed to W.J. Bradley Mortgage Capital, LLC (“WJB”) in connection with a…
Danner hacked; notifies customers (updated)
And it seems Danner has joined the ranks of the recently hacked. In a notification to the New Hampshire Attorney General’s Office by their lawyers on December 19, they report that on November 28, code was injected into the computer that operates their web site. The intrusion was detected on December 11. Forensic examination could not…
Huntington’s Disease Society of America suffers second security incident in six months
This has not been a good year for the Huntington’s Disease Society of America (HDSA). In August, I reported that an executive’s e-mail accounts was compromised, and although the attacker’s attempt at a fraudulent wire transfer was thwarted, personal information of board members, donors and vendors might have been accessed. Now HSDA has reported another breach,…