We are writing to you because of an incident at Unique Vintage. On September 14, 2013 we discovered a data security incident that involved some of your personal information. Unique Vintage is Payment Card Industry Security Standards Council (“PCI”) compliant and implements the latest measures reasonably possible to protect its customers’ sensitive information. However, the very sophisticated data breach…
Computer server containing Virginia Tech job application info illegally accessed (updated)
Virginia Tech has learned that a computer server in the Department of Human Resources was illegally accessed on August 28, 2013. A VT spokesperson informs DataBreaches.net that the illegal access was from outside the school an IP address in Italy. The server contained information about 144,963 individuals who used the institution’s online employment application process…
UK: Royal Free Hospital in clear after losing medical records of 78 pregnant women
Tom Marshall reports: The Royal Free Hospital will not be penalised after staff lost a log containing the confidential medical details of 78 pregnant women. The Information Commissioner’s Office (ICO), the data protection watchdog, confirmed this week that it will take no further action after investigating the incident. Read more on Ham&High
Breach notifications: what really happened vs. what they tell us
I’ve often pointed out how breach notification letters to those affected may omit details that consumers might want to know but breached entities probably prefer we not know. I came across another example today. Let’s start with what happened, as described by attorneys for Vector Security to the Maryland Attorney General’s Office. Vector Security provides…
21st Century Oncology employee stole patient information for tax refund fraud scheme – feds
Here’s one we may not see on HHS’s public breach list, depending on how many patients were involved. 21st Century Oncology Services, an affiliate of Peninsula Cancer Care Center and 21st Century Oncology of Maryland, notified the Maryland Attorney General in July that they had been informed by federal law enforcement of an insider breach…
The DEA Thinks You Have “No Constitutionally Protected Privacy Interest” in Your Confidential Prescription Records
Nathan Freed Wessler writes: The Drug Enforcement Administration thinks people have “no constitutionally protected privacy interest” in their confidential prescription records, according to a brief filed last month in federal court. That disconcerting statement comes in response to an ACLU lawsuit challenging the DEA’s practice of obtaining private medical information without a warrant. The ACLU has just filed its…