personally identifiable information – Page 3

Walgreens app exposes customer prescription data

Posted on March 2, 2020 by Sean Lyngaas

Pharmacy chain Walgreens is alerting customers that their prescription data and other information may have been exposed thanks to a flaw in the company’s messaging app. An “error” in the messaging feature of the Walgreens app that customers use to track prescriptions left some of their personal information exposed to other customers between Jan. 9 and Jan. 15, according to Rina Shah, vice president of pharmacy operations. A “small percentage” of customers were affected, she said. Exposed data included customers’ names, prescription numbers, drug names and, in some cases, shipping addresses. It did not include financial data, Shah said in a letter posted last week to the California attorney general’s website. California law requires companies to report data breaches affecting state residents. It was unclear precisely how many people were affected by the breach. A Walgreens spokesperson did not immediately respond to a request for comment. The company advised customers to monitor their prescriptions […]

The post Walgreens app exposes customer prescription data appeared first on CyberScoop.

Continue reading Walgreens app exposes customer prescription data→

Private photos leaked by PhotoSquared’s unsecured cloud storage

Posted on February 19, 2020 by Lisa Vaas

With no password required and no encryption in place, a burglar or ID thief could have seen your photos, your address and more. Continue reading Private photos leaked by PhotoSquared’s unsecured cloud storage→

Sensitive plastic surgery images exposed online

Posted on February 18, 2020 by Danny Bradbury

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database. Continue reading Sensitive plastic surgery images exposed online→

Google forced to reveal anonymous reviewer’s details

Posted on February 17, 2020 by Danny Bradbury

A court has forced Google to reveal the details of an anonymous poster who published an unpalatable review of a dentist. Continue reading Google forced to reveal anonymous reviewer’s details→

Senator calls for dedicated US data protection agency

Posted on February 17, 2020 by Danny Bradbury

The US needs a data protection agency of its own, and Kirsten Gillibrand wants to be the one that makes it happen. Continue reading Senator calls for dedicated US data protection agency→

Class action lawsuit filed against two Puerto Rican hospitals for alleged ransomware attacks

Posted on February 13, 2020 by Shannon Vavra

A class action lawsuit was filed earlier this week in the U.S. District Court for the District of Puerto Rico against two hospitals for what plaintiffs are calling “reckless and negligent violation of patient privacy rights” in light of alleged ransomware attacks that hit the hospitals last year. The alleged ransomware attacks, which took place in February last year at the Pavía Hospital Santurce and Pavía Hospital Hato Rey hospitals, affected 305,737 people, according to Department of Health and Human Services records. The plaintiffs, both former patients of the hospitals, allege patients’ personal identifying information, including full names, addresses, dates of birth, gender, financial information, and social security numbers, were exposed as a result of the attacks. These records also constitute protected health information as designated by HIPAA. “These patients reasonably expect the highest level of protection for their private identifiable information, when giving highly sensitive information such as their Social Security […]

The post Class action lawsuit filed against two Puerto Rican hospitals for alleged ransomware attacks appeared first on CyberScoop.

Continue reading Class action lawsuit filed against two Puerto Rican hospitals for alleged ransomware attacks→

Twitter and the Saudi Computer Crime – Or Was It?

Posted on November 13, 2019 by Mark Rasch

What the two Twitter employees’ actions in accessing user data for use by the Saudi Kingdom was not technically a criminal offense On Nov. 7, the United States Department of Justice (DoJ) charged two individuals, one a U.S. citizen the other a c… Continue reading Twitter and the Saudi Computer Crime – Or Was It?→

UniCredit leaks 3 million customer records in data breach

Posted on October 29, 2019 by Filip Truta

Italian banking giant UniCredit has suffered a “data incident” that exposed 3 million customer records, including full names, phone numbers and email addresses. UniCredit issued an urgent security notice yesterday announcing that a file con… Continue reading UniCredit leaks 3 million customer records in data breach→

California adds biometric specs to data breach law

Posted on October 17, 2019 by Filip Truta

California is changing its Information Practices Act of 1977 to expand the definition of personal information with additional identifiers, including biometric data of those affected. The amendment comes with new instructions on how to notify affected p… Continue reading California adds biometric specs to data breach law→

Make Digital ID Verification Part of Your CCPA Strategy

Posted on September 11, 2019 by Robert Prigge

As CCPA is poised to take effect, companies must ensure they don’t put personal information in the wrong hands The lines between the digital and physical world are continuing to blur and companies need to be ready to differentiate the two. A 201… Continue reading Make Digital ID Verification Part of Your CCPA Strategy→