A report by Tisha Thompson and Rick Yarborough of the News4 I-Team makes a good point – that even when people know their PII is floating around or may be on black markets, they often have no clue their medical information or insurance information is also for sale on underground markets.The team interviewed one of the…
Alabama state employee sentenced for stealing info from state database for tax refund fraud scheme (updated)
An update to a case reported previously on this blog: Lea Tice Phillips, who had been employed by an unnamed Alabama state agency, was sentenced to 94 months in prison and ordered to pay restitution of $567,631 for her role in a tax refund fraud scheme. Phillips had pleaded guilty in May. Aha. Finally we know…
Kierkegaard & Perry Labs report hack through a “known bug” in their platform
I think it would be fair to say that Kierkegaard & Perry Labs, Inc’s breach notification to Maryland in July impressed me somewhat unfavorably. KPL was reporting a hack that had compromised some customers’ names, addresses, and credit card numbers with expiration dates and CVV codes. Their investigation revealed that 8 customers’ information was acquired (not…
MO HealthNet/InfoCrossing breach much longer and larger than previously recognized
The MO HealthNet mailing error breach due to a software error by its Business Associate InfoCrossings was much bigger than originally reported, it seems. Maria Altman reports: Personal information for more than 25,000 Missourians in the state’s managed health plan went out to the wrong mailing addresses. The Department of Social Services announced Monday that…
This hacker might seem shady, but throwing him in jail is bad for everyone
Timothy B. Lee writes: On Friday, the U.S. government filed its brief in the appeal of Andrew “Weev” Auernheimer, who was convicted of federal hacking charges for downloading hundreds of thousands of customer e-mail addresses from AT&T’s Web site. The government says the conviction was proper, but many security researchers and civil liberties advocates argue that the…
Mandatory Data Breach Notice Bill Stalls As Canadian Parliament Session Closed
Peter Menyasz reports: The Canadian government’s Sept. 13 decision to end the Parliament’s legislative session has at least temporarily blocked passage of proposed amendments (Bill C-12) to Canada’s framework federal privacy law that would have introduced a limited mandatory data breach notification requirement. A new parliamentary session is scheduled to start Oct. 16, and the…