Nov 122018

There’s a follow-up to an insider-wrongdoing case previously reported on this site as affecting 4,600 patients of Chilton Medical Center. The following press release appeared October 26:

Morris County Prosecutor Fredric M. Knapp, and Chief Brian C. Spring of the Pequannock Township Police Department announce the sentencing of Sergiu Jitcu, age 39, of Saddle Brook, New Jersey, on Computer Criminal Theft charges.

On or about November 8, 2017, the Morris County Prosecutor’s Office was contacted by Chilton Medical Center Director of Security who reported a theft of computer equipment from the facility by the defendant. The defendant is now a former IT employee at Chilton Medical Center. The Morris County Prosecutor’s Office Specialized Crimes Division was advised that Chilton Medical Center received information from a resident of Wisconsin that he had purchased a computer hard drive on eBay from the defendant and this computer hard drive contained personal identifying information of individual(s) who may have been treated at Chilton Medical Center. The Morris County Prosecutor’s Office Specialized Crimes Division commenced an investigation into the allegation and, ultimately, executed a Search Warrant on the defendant’s residence and motor vehicles resulting in the seizure of various computer equipment and additional items belonging to Chilton Medical Center. Subsequent investigation has revealed that at least one (1) computer storage medium, which was sold on eBay by the defendant, contained data/data bases with personal identifying information of patient(s) of Chilton Medical Center. On or about December 15, 2017, Chilton Medical Center sent notifications to patients, identified as potentially being effected by the theft, who had been treated at Chilton Medical Center advising of the incident.

The defendant plead guilty, on September 4, 2018, to the following offenses based on the defendant’s criminal activity on various dates between January 1, 2015 and November 8, 2017:

• 1 count of Computer Criminal Activity, i.e. computer theft by accessing data, data base, computer storage medium or computer equipment without authorization or in excess of the authorization, in violation of N.J.S.A. 2C:20-25a, a crime of the Third degree; and
• 1 count of Theft, i.e. the taking of computer equipment from Chilton Medical Center, in violation of N.J.S.A. 2C:20-3a, a crime of the Third degree.

On October 26, 2018, the Hon. Stephen J. Taylor, P.J.S.C., Superior Court of New Jersey, Morris Vicinage, sentenced the defendant to non-custodial probation for a term of five (5) years with the special condition that the defendant make restitution, via monthly payments thru the Morris County Probation Department, to Chilton Medical Center in the amount of $64,250.00.

Prosecutor Knapp would like to thank the Morris County Prosecutor’s Office Specialized Crimes Division, Financial Crimes Unit, Pequannock Township Police Department, Saddle Brook Police Department and Chilton Medical Center whose efforts contributed to the investigation and prosecution of this case.

Inquiries concerning this press release should be directed to Public Information Officer Peter DiGennaro at [email protected] or 973-829-8159.

Source: Morris County Prosecutor, October 26

Nov 102018

Audra Levy reports:

If you went looking for the profile of Little Miami High School on Google on Thursday, you would have been in for a surprise.

Someone hacked the profile and renamed the school “Gay Night Club For Teens”.

That “someone” appears to have used the school network, and the administration seems to think that they will be able to identify a student or students responsible for the misconduct.

When the student or students who are responsible are identified, they could face disciplinary consequences for violating our acceptable use policy,” said Briggs.

Read more on Fox19.

Nov 102018

James T. Mulder reports:

An Upstate University Hospital employee inappropriately accessed the medical records of 1,216 patients without a work or job-related reason.

Upstate announced it is contacting affected patients and the U.S. Department of Health and Human Services about the privacy breach.

The former employee accessed the records between Nov. 3, 2016 and Oct. 23, 2017. The breach was discovered Sept. 12.

Upstate said it does not believe any patient information was printed, redirected or misused by the employee.


h/t, “Russy”

Nov 102018

Benjamin Romano reports:

Seattle-based retailer Nordstrom is notifying employees of an information-security breach that exposed their names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and more.

Employees across the company received an e-mail notification and apology from co-President Blake Nordstrom on Wednesday informing them of the breach, a company spokesperson confirmed Friday.

Read more on Seattle Times.  While the notification could not be found on the Washington Attorney General’s site, a report by their external counsel was submitted to the New Hampshire Attorney General’s Office on Nov. 6 that noted that 43 New Hampshire residents were among those affected.  A copy of a notification to employees was also submitted to the California Attorney General’s Office, but that one did not indicate how many California residents were impacted.

The notifications, below, did not indicate the name of the contract employee’s firm.


Nordstrom - Individual Notification Letter_0