Data Breaches News and Analysis
2.2 million Clinical Pathology Laboratories patients exposed in AMCA breach
The list of companies impacted by the American Medical Collection Agency (AMCA) data breach has grown, with Clinical Pathology Laboratories (CPL) now reporting that the PHI of about 2.2 million customers may have been affected. CPL began notifying patients on July 5 that it had been caught up in the AMCA breach after learning last…
Sprint customer data breached via Samsung website flaw
Threat actors gained unauthorized access to an undisclosed number of Sprint customer accounts via a compromised Samsung website. “On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” the wireless provider said in a letter to impacted customers posted on Scribd. “The…
Data dump suggests that Evite data breach affected 100M accounts
A new addition to the data breach reference website “Have I Been Pwned?” seemingly reveals that more than 100 million accounts were compromised in this year’s data breach of the event-planning service Evite. “Have I Been Pwned?” founder Troy Hunt added a database of 100,985,047 affected accounts to his site on July 14, and in…
Premera Blue Cross to cough up $10 million to 30 states over data breach
Premera Blue Cross has consented to pay $10 million as compensation for a nearly year-long data breach that impacted more than 10.4 million health patients, the Washington state’s Attorney General Bob Ferguson announced yesterday. More than half of those funds, roughly $5.4 million, will be allocated to Washington, and will be applied toward the enforcement…
L.A. County Health Services Department contractor breach leaks patient data
A data breach at a Los Angeles County Department of Health Services contractor resulted in the compromise of data from 14,591 patients. Nemadji, a company that provides patient eligibility and billing services for healthcare facilities, identified a data breach that took place on March 28, 2019 due to an employee falling victim to a phishing…
Marriott hit with $124 million fine for 2018 data breach
The U.K. Information Commissioners Office (ICO) intends to levy a £99,200,396, or $124 million, fine against Marriott International in response to the data breach suffered by that company’s Starwood reservation data base in November 2018. Marriott reported the ICO’s intention to impart the fine, but said in a statement the company will use its right…
Real estate group ALTA warns members of possible data breach
The American Land Title Association (ALTA) on July 3 informed its members, comprised of title insurance agents, abstracters and underwriters, their usernames and passwords may have been acquired by an unauthorized person. The 102-year-old ALTA, which claims 6,000 active members, posted a security alert stating it was contacted by a person claiming to be an…
Florida state worker steals resident’s PII
About 2,000 Florida residents were potentially victimized by an employee of that state’s Department of Children and Family Services (DFCS) who accessed and used their PII to fraudulently make $260,000 in purchases. Allegedly, state staffer Bertanicy Garcia, an interviewing clerk at the Miami DFCS, worked in conjunction with six accomplices to whom she distributed personal…
New York Legislature passes bill that toughens breach notification standards
The New York State Legislature last month passed The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which is intended to strengthen the state’s data security laws by more explicitly defining when and how businesses must notify the public and attorney general of a data breach incident. The proposed legislation, introduced by State Senator…
Data management firm exposed client info on open Amazon S3 buckets: researchers
Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…
5M records exposed by misconfigured MedicareSupplement.com MongoDB
A MedicareSupplment.com MongoDB containing more than five million records was found open to the public containing a wide range of PII. The records were found by the security firm Comparitech and researcher Bob Diachenko on May 13 containing first and last name, full address, IP address, email address, date of birth, gender and marketing-related information.…
Sun Prairie, Wis. warns of data breach after intruder accesses employee email accounts
For nearly two months this year, an unauthorized party had illegitimate access to the email accounts of certain employees working for the city of Sun Prairie, Wisconsin. These accounts contained sensitive data such as Social Security numbers, account logins and passwords, drivers’ licenses, state identification numbers, bank and financial account numbers, medical information and payment…
Dominion National announces nearly decade long breach
Dominion National announced the discovery of a nearly decade long breach involving unauthorized access to its servers. On April 24, the investigation of an internal alert revealed that the unauthorized party may have accessed some of the firm’s computer servers as early as August 25, 2010, according to a notice of data security incident posted…
Social Engineered hacked, user data leaked, dumped on rival site
User data from Social Engineered, which bills itself as a forum for the “Art of Human Hacking,” was leaked in mid-June and posted on a rival site. “Mybb had a vulnerability yet again and the site got breached along other websites using Mybb,” Social Engineered founder, Snow101, confirmed in a blog post. “We moved over…
Insider exposes PII of 2.9 million Desjardins customers
The Canadian financial institution Desjardins was the victim of an insider threat resulting in the data of 2.9 million customers being exposed, including crucial personal and business information. The Montreal-based credit union was told by the Laval Police Department the information of 2.7 million individual customers, along with 173,000 business clients had been leaked. An…
Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers
Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…
645,000 Oregonians affected in previously disclosed Dept. of Human Services breach
Oregon’s Department of Human Services (DHS) is in the process of mailing notifications to roughly 645,000 of its reportedly 1.6 million clients, following a data breach incident last January that resulted from a phishing scam. When DHS first publicly disclosed the incident last March, it said the number of affected Oregonians exceeded 350,000, but it…
Facebook’s xSocialMedia ad agency exposes 150K medical histories
Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits. The files were found by vpnMentor on June 2, and which have since been secured. The exposed information was gathered through Facebook…
EatStreet data breach affecting diners, restaurants and delivery firms
The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…
Data breach forces AMCA’s parent firm to file Chapter 11 bankruptcy
The medical bill collection firm Retrieval-Masters Creditors Bureau Inc. has filed for Chapter 11 bankruptcy protection citing the fallout from a massive data breach that exposed the information of millions of patients. Retrieval-Masters Creditors Bureau Inc., which collects debts from medical labs under the name American Medical Collection Agency (AMCA) filed in the Southern District…
