Jan 192018


DOS providing free credit monitoring services for 945 affected individuals


In January 2013, The Florida Department of State, Division of Elections temporarily participated in a project pilot in an effort to facilitate validation of information between states. In September 2017, the last four digits of the social security numbers of 945 individuals was inadvertently provided to an individual member of the public in response to a public records request.  These numbers were originally provided to the department by another state in 2013 as information that may have been a potential match to a Florida voter’s information. While these individuals have been identified and are being contacted directly by the department, any individual who believes their personal information may have been released may also contact 850.245.6022.

At this time, the department has no reason to believe individuals’ information has been misused. However, in an abundance of caution and to help individuals detect any possible misuse of this information, we are providing a one-year membership in LifeLock program for those affected. This service will be free for all those who were identified. For more information, including steps one may take to protect themselves from potential harm, individuals may call 850.245.6022. If you are writing on this event, it is imperative to include the department’s phone number in your reporting.

Potentially affected individuals may also wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized. To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name. Individuals can call any one of the three major credit reporting agencies at the numbers below to place a fraud alert on their credit files and may obtain a free credit report at www.annualcreditreport.com.

Experian – 1-888-397-3742

Equifax – 1-888-766-0008

TransUnion – 1-800-680-7289

Additionally, the Department of State has arranged to have LifeLock provide identity theft protection for one year to each individual whose partial social security information was released as a consequence of this inadvertent disclosure. If your partial social security information was released, you will receive instructions on how to take advantage of the LifeLock service at no cost to you.

The department is notifying all potentially affected individuals in accordance with state and federal law, including information on credit monitoring services. Pursuant to 45 CFR 164 and Section 501.171, Florida Statutes, this is notification that the Florida Department of State had a security breach, which affected 500 or more individuals in the state of Florida.

Source: Florida Department of State

Jan 172018

WTVA reports:

After thousands of customers’ HIV statuses were revealed in mailings last year, a federal class-action lawsuit against health care company Aetna has reached a $17 million settlement.

The lawsuit was filed in August after some 12,000 Aetna customers nationwide received letters mailed in July that accidentally revealed their HIV status through the windows of the envelopes, indicating they were taking either HIV medications or PrEP, a pre-exposure prophylactic that prevents HIV.

Read more on WTVA.

Jan 162018

Ashley Cullinane reports:

Medical records were found dumped in New Bedford, sparking concern in the community.

Private information like social security numbers and licenses are printed in the files, New Bedford Live reported.

The records belonged to MD Medical Spa and Wellness Center in Hyannis and Norwell, Massachusetts. The facilities shut down in 2016.

Read more on TurnTo10.com. In this case, someone did try to dispose of records, but may have been “naive,” as he explains.

Jan 162018

Joe Pinkstone reports:

SinVR, a virtual reality porn app with 20,000 members, had a huge security flaw that exposed the personal details of its members to potential hackers.

SinVR is a app that allows people to explore different sexual scenarios and interact with various characters in the virtual world.

London-based cybersecurity firm Digital Interruption found a hidden ‘backdoor’ in the software which gave outsiders access to the user names and emails of the members.

Of note, the security firm attempted to responsibly disclose to SinVR, but reportedly received no reply, leading them to go public with their findings.

Digital Interruptions tracked down usernames, emails and even PayPal details of customers.

Once SinVR (finally?) became aware of the problem, it seems to have been addressed fairly quickly.

Read more on Daily Mail.


Jan 162018

It seems like only one year ago that I was posting a news story about a string of data protection breaches by employees at the Leicester City Council.

Oh wait, it was a year ago.

Now it appears that there is yet another breach.  Stowe Family Law LLP reports:

An unnamed person at Leicester City Council accidentally included a “large spreadsheet” as an attachment in emails sent to 27 different taxi firms inviting tenders to transport children living in residential homes, as well as adults with disabilities.

Once the error was uncovered the following day, council officials quickly sent a recall notice. This email said the attachment had contained “passenger information”, the BBC reports.

“Please delete this email. Please then delete the email from your “Deleted items” folder. Please do not try to open or read it.”

Read more on Stowe Family Law.