On March 10, Kroger’s Healthy Options program, Postal Prescription Services (PPS), issued a statement about a privacy breach. According to their statement, some PPS patients’ names and email addresses were erroneously shared with the grocery side of Kroger’s business due to an internal error. Kroger doesn’t state when the breach first occurred, but they...
Tori Bedford reports: Thousands of employees in the Massachusetts cannabis industry received an official email last week about a major data breach: the name, home and email address, phone number and date of birth of every cannabis worker in the state had been made public in an “inadvertent release of agency documents” by the...
Zoey Khalid reports: Former Colorado GOP Senate candidate Robert “Eli” Bremer is livid over the Air Force’s failure to notify him about the branch’s improper release of his military records, which he first learned about from a reporter who was covering the latest developments in the problematic story for the Defense Department. Speaking to...
Marianne Kolbasuk McGee reports: Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet. Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February...
ES: HLA Grupo Hospitalario data listed for sale after web server misconfiguration On March 14, a forum user on BreachForums listed data from the HLA Grupo Hospitalario in Spain for sale. The listing advertised 45,000 patient records and information on 1,600 doctors, with samples provided of each. HLA Grupo Hospitalario is owned by Asisa,...
Ashley Belanger reports: A Dallas County Sheriff’s Department deputy, Francisco Castillo, was briefly suspended after livestreaming a traffic stop, allegedly just to gain TikTok clout, in 2021. Now, the Texas motorist that he pulled over, Torry Osby, is suing, saying that the deputy exposed Osby to risks of identity theft and break-ins at his home...
WRAL reports: A data leak at the University of North Carolina at Chapel Hill has exposed more than 1,000 Social Security numbers. The university said human error played a role in tax forms that were sent to the wrong people. The leak happened in late January. It included names, addresses, Social Security numbers and...
The Chautauqua Center (TCC) in New York has disclosed a HIPAA breach by a business associate. The business associate’s error resulted in the protected health information of 747 physical and occupational therapy patients being made accessible to other covered entities. According to their notification letter to those affected, the breach occurred on December 22nd...
In a refreshingly straightforward breach disclosure, Sentara Health in Virginia reports that on December 19, an anonymous individual called their Compliance Hotline to alert them that while searching for something online, the called had stumbled across an exposed file with patients’ Medicare billing information. Sentara quickly verified the caller’s report and determined that the...
Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals