Reuters reports: Investment research firm Morningstar Inc said personal information, including credit card details, of about 2,300 users of its Morningstar Document Research service may have been compromised due to a security breach last year. The incident on April 3, 2012 may also have led to the leakage of names, addresses, email addresses and passwords,…
Statement of Public.Resource.Org on IRS web exposure of tens of thousands of SSNs
From their web site: Public.Resource.Org has discovered that the Internal Revenue Service has posted the Social Security Numbers of tens of thousands of Americans on government web sites. The database in question contains the filings of Section 527 political organizations such as campaign committees. This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers,…
Appeals Court Sends Fiserv Data Breach Case Back to Trial
Robert McGarvey reports that a credit union’s lawsuit against Fiserv has been resurrected by a Tennessee court: The Court of Appeals in Tennessee, in a ruling filed July 3, ruled that a lower court erred when it dismissed a suit filed by Copper Basin Federal Credit Union and CUMIS against Fiserv Inc., wherein the plaintiffs…
Shining some light on medical privacy and security breaches in California; over 13,000 reported in 3+ years
The California Department of Public Health recently added a breach report to its web site involving California Hospital Medical Center – LA. According to their report of November 2010, in May 2010, the police department discovered face sheets with 102 patients’ names, financial, insurance, and diagnostic information in the trunk of a patient accounts representative’s…
HIV Patients Refused Medical Privacy by the University of California, in Spite …
It may not violate HIPAA to use a patient’s first and last name when staff call patients to come into the exam room from the waiting room, but it can sure cause privacy problems. Read HIV Patients Refused Medical Privacy by the University of California, in Spite … Here’s the background: Alex went to see his…
Vermont and North Dakota Amend Breach Notice Laws
Michael Young writes: On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new…