As reported here Wednesday, Connecticut’s Attorney General Richard Blumenthal has filed suit against Health Net for failing to secure member information and for failure to notify members of a security breach in a timely fashion. United Health Group and Oxford Health Plans are also named as defendants in the suit because although they were not…
Audit: Some Ohio University computers not immune to hackers
Dave Hendricks reports: Computers at two Ohio University campuses contained Social Security numbers that weren’t encrypted or protected from theft, internal auditors told university trustees in a meeting today. […] The findings, which come nearly four years after hackers breached five university servers containing medical records and Social Security numbers, underscore the difficulty of locking…
NYC: Audit Report on the Controls of the Administration for Children’s Services Over Personally Identifiable Information
The comptroller’s December 2009 audit report can be found here. ACS collects a lot of PII on many children in NYC, including medical information, complaints of child abuse, etc. The most significant audit findings included inadequate password security for the local network and Blackberry devices. With respect to the former, the audit found 15 instances…
AU: ALRC renews data loss financial penalty call
Christina Zhou reports: The Australian Law Reform Commission (ALRC) has renewed its call for fines for failing to notify the privacy commissioner of data breaches after the UK introduced penalties of up to half a million pounds. The ALRC initially made the call in its report: For Your Information: Australian Privacy Law and Practice released…
Louisiana woman pleads guilty to access device fraud and mail fraud
Geralyn Moore, age 32, a resident of Marrero, LA, pled guilty in federal court today before U. S. District Judge Eldon E. Fallon to one count of access device fraud and two counts of wire fraud related to fraudulent purchases made on a Discover Card, which did not belong to her, announced U. S. Attorney…
Online Banking and “Reasonable Security” Under the Law: Breaking New Ground?
David Navetta writes: With the report of another data security-related lawsuit involving online banking (another 2009 lawsuit referenced here involved an alleged loss of over $500,000), and a recent victory for a plaintiff on a summary judgment motion in a similar online banking data security breach case, the question arises whether online banking breaches will…