Friday, July 31, 2015

Credit Union Employee Unauthorized Activity with Customer IDs

An employee of a California credit union carried out unauthorized activity on members' accounts from April through mid-June of 2015. The credit union notice states "The personal information available for viewing by this person included full name, social security number, driver’s license number and other financial information."

The employee has been terminated and an investigation of possible fraudulent use of members' personal identifying information (PII) is ongoing. The credit union has offered credit monitoring to members.

" a person employed by us from early April to mid-June of this year appears to have engaged in unauthorized activity involving a small number of member accounts."
- Credit union notice sent to members
It is unclear how the unauthorized activity was discovered. Organizations seeking to proactively detect unauthorized activity, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Re: Security of personal information - www.OAG.ca.gov

Thursday, July 30, 2015

Financial Services Employee Stole Customer IDs for Fraud

A now former employee of a financial services company has been "charged with making identity information available for fraudulent purposes."

Allegedly, this Toronto man provided customers' identity information to counterfeiters. Police have advised customers who may be victims of these identity thefts to wait for the financial services company to contact them.

"police have charged a man suspected of selling people's ID information."
- City News
It is unclear how the identity thefts were discovered or over what time period they occurred. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
DLearn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Toronto man arrested following identity theft investigation - www.CityNews.com, 07/29/201506

Wednesday, July 29, 2015

Bank Employee Stole Customers' IDs for Theft Scheme

A lead customer service representative at a Chicago bank stole customer identities and shared the information with another individual who used the identities to obtain debit cards and then make ATM withdrawals and purchases. The identity thefts occurred from October 2010 to January 2011.

The now former bank employee was sentenced to five years probation and ordered to pay $47,449 in restitution to the bank for her role in the identity theft scam.

"she unlawfully accessed bank clients’ accounts and provided their names and other information to another individual without the clients’ knowledge." - NWI Times
It is unclear how the identity thefts were discovered or why they were allowed to occur for several months. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman given probation for role in ID theft scheme - www.NWItimes.com, 07/24/2015

Tuesday, July 28, 2015

Court Insider Illegally "Fixed" DUI Charges

A California county clerk charged about 1,000 people a fee to illegally "fix" their DUI and misdemeanor cases. The legal counsel for the County Superior Court system said the cases date back to 2010 and include courts across the county.

"That is big-time corruption," said Stanley Goldman, a Loyola law professor and veteran criminal lawyer. "While the individuals' cases might be relatively low-level offenses, with so many together that adds up to a very serious criminal enterprise."

"computerization of the court system might have made it easier for the wrongdoer to alter cases." - Loyola law professor, Stanley Goldman
It seems his insider's illegal activities went undiscovered for five years only because another court employee noticed an incomplete DUI case leading to a review of all cases handled by the rogue employee. Rather than discover such illegal activity by chance, organizations can detect it proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) O.C.'s illegally fixed court cases add up to 'big-time corruption' - www.LAtimes.com, 06/20/2015

Monday, July 27, 2015

Health IT Survey: 64% said an insider responsible for a significant incident

According to a survey by the HIMMS (Health Information and Management Systems Society) 87 percent of health information security officers and other health IT professionals said cybersecurity has become a higher business priority within their organizations in the last year.

The top source of recent “security incidents” is negligence inside the organization (46% of respondents), and 64 percent said that "an insider has been responsible for a significant incident at some point."

"64 percent said that an insider has been responsible for a significant incident at some point."
- HIMSS survey
Healthcare organizations seeking to proactively detect insider data privacy breaches and identity thefts can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.MedCityNews.com, 06/30/2015

Thursday, July 23, 2015

$3.5M FCC Settlement by Telcom for Privacy Violation

The Federal Communications Commission (FCC) and a telecommunications provider have reached a $3.5 million settlement. The FCC's Enforcement Bureau investigated whether the telecommunications company violated the privacy of customers' personal identifying information (PII).

The FCC has made it clear that Section 222(a) of the Communications act requires telecommunications carriers "to take every reasonable precaution to protect the confidentiality of proprietary or personal customer information" and that it is committed "to taking resolute enforcement action to ensure that the goals of Section 222 are achieved."

"imposes a duty on every telecommunications carrier to protect the confidentiality of proprietary information of, and relating to...customers. ."
- Section 222(a) of FCC Communications Act
Organizations seeking to proactively detect breaches of customer privacy can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) In the Matter of TerraCom, Inc., and YourTel America , Inc. -
www.FCC.gov, 07/09/2015

Disgruntled Employee Leaked Personal Data about 100,000 Colleagues

An employee of a UK supermarket leaked sensitive personal information about 100,000 colleagues because he held a grudge against the company. Data containing information including salaries, National Insurance numbers, dates of birth and bank account details were sent to newspapers and also uploaded to data sharing websites.

The now former employee was charged with fraud by abuse of position, unauthorised access to data with the intent of committing an offence and disclosing personal data. The data breach cost the company more than £2m to rectify, according to court documents.

"The data breach cost the company more than £2m to rectify."
- Court documents
Rather than learn about an insider data breaches in a newspaper, organizations can proactively detect them by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Morrisons employee accused of leaking data on 100,000 supermarket staff because he bore a "grudge" against company - www.LiverpoolEcho.co.uk, 07/14/2015

Wednesday, July 22, 2015

Insider Data Leak at Real Estate Firm

A New Zealand real estate company has fired an employee who leaked the sales data that has sparked a controversy about the number of overseas Chinese buying houses in New Zealand.

The CEO of the real estate company said information held on behalf of clients and customers was "sacrosanct." But seems the company was unaware of the insider data breach until the information appeared in news articles.

" clients contacted the company to say they were "disenchanted and concerned that their data had been compromised". ." - Otago Daily News
Unfortunately, it's not unusual for third parties, rather than the organization holding confidential information, to discover the breach. Organizations seeking to proactively detect data leaks can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Data leak: Real estate staffer fired - www.OT.co.nz, 07/15/2015

Tuesday, July 21, 2015

Hospital Employee Stole Patient IDs for Tax Fraud

An employee of a Detroit hospital has been accused of stealing patients' personal identifying information (PII) that was then used to file fraudulent tax returns. Over 1,400 patients were victims of these insider breaches.

The identity thefts took place over a three year time period from 2011 through 2014. It is unclear why these ID thefts went on for so long and why they were discovered by law enforcement, rather than the organization holding the PII.

"[he is] accused of using personal identifying information obtained from patient records to file false tax returns in other people’s names." - QUOTEE
Organizations seeking to proactively detect identity thefts and privacy data breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Farmington Hills man accused of hospital ID theft takes plea deal; second suspect still negotiating - www.TheOaklandPress.com, 07/17/2015

Friday, July 17, 2015

Hospital Insider Indicted for 12,000 Patient ID Thefts

An assistant clerk, employed at a New York hospital, along with 7 co-conspirators, was indicted for stealing and selling patients' personal identifying information (PII).

Between 2012 and 2013 this insider allegedly stole names , dates of birth and Social Security numbers of 12,000 patients. She sold the PII for as little as $3 a piece to co-defendants who used the information to make purchases at luxury stores.

"In case after case, we’ve seen how theft by a single company insider, who is often working with identity thieves on the outside, can rapidly victimize a business and thousands of its customers."
- District Attorney, Cyrus R. Vance Jr.
It is unclear why the ID thefts went on for so long and it seems that law enforcement, rather than the organization holding the PII, discovered the them. Organizations seeking to proactively detect identity theft, instead of learn about it from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 8 Indicted in Identity Thefts of Patients at Montefiore Medical Center - www.NYTimes, 06/19/2015

Thursday, July 16, 2015

Health Clinic Employee Breached Patients' Privacy

A medical clinic in Minnesota has announced that an employee inappropriately access the medical records of more than 600 patients. The employee was terminated from their position.

According to a clinic spokesperson, the privacy data breach was discovered sometime within the last two months and the employee “accessed patient records beyond the scope of authorized access and assigned job responsibilities.”

" the employee accessed patient records beyond the scope of authorized access and assigned job responsibilities."
- Hospital's public affairs manager
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Clinic announces inappropriate access of records - www.Republican-Eagle.com, 07/11/2015

Wednesday, July 15, 2015

Actor's Husband Files Data Theft Suit Against Former Employee

The husband of a Bollywood actor and director of a beverage plant, has filed a case of data theft against a former employee. Allegedly, before leaving his position at the company the employee stole customer data and shared it with a competitor.

Documents filed in the case say the as an insider the former employee had access to important information about the beverage company's customers.

" he had access to vital information regarding our clients."
- Court documents
Organizations seeking to proactively detect theft of proprietary and confidential corporate data can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Actor Poonam Dasgupta’s husband files data theft case against ex-employee - www.MumbaiMirror.com, 07/13/2015

Tuesday, July 14, 2015

Hospital Workers Charged with Snooping in Mayor's Medical Records

Three hospital workers have been charged under Ontario’s health privacy law for snooping into former Toronto mayor Rob Ford’s medical records after he was diagnosed with cancer.

The allegations against the three workers include “willfully collecting, using or disclosing personal health information." If convicted, it will be the first successful health privacy prosecution in Ontario’s history.

"If convicted, it will be the first successful health privacy prosecution in Ontario’s history."
- The Toronto Star
The health network "recently strengthened its privacy protection, including enforcing a yearly mandatory privacy course and holding random audits of the access logs to patient records." Unfortunately random audits are not sufficient to find privacy breaches. Auditing all users' activities on every patient record is necessary and this can be achieved with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Govt. prosecutes health workers for snooping into Rob Ford’s medical records - www.TheStar.com, 07/08/2015

Monday, July 13, 2015

Hospital Facing Class Action Suits Over Insiders' Patient Data Thefts

A Florida hospital is facing two class action lawsuits related to breaches of patient privacy.

The first data breach involved two employees who stole data on thousands of patients and sold it to lawyers and chiropractors. The second data privacy breach, discovered in May 2014, involved two employees who, over a two year period, stole portions of medical records from 9,000 patients. This breach was discovered by law enforcement, not the hospital.

"class action lawsuits regarding two separate data breaches of patient information over the past four years."
- Orlando Sentinel
It is unclear why the breaches were allowed to occur for such a long time period or why law enforcement, rather than the hospital discovered the data thefts. Organizations seeking to proactively detect data theft and privacy breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Florida Hospital faces two data breach lawsuits - www.OrlandoSentinel.com, 07/08/2015

Friday, July 10, 2015

Insider at Bureau of Tobacco and Firearms Breached Colleagues Privacy?

The Justice Department is investigating whether an executive at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) improperly accessed and downloaded the personal information of colleagues. It is not clear how many employees may have been affected by the possible breach.

The investigation is centering on whether the executive sent ATF employee data from his work email to his personal email account. It seems the breaches were discovered by a third party.

"It was not immediately clear how many employees were affected by the possible [insider] breach."
- CNN
Organizations seeking to proactively detect data privacy breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) First on CNN: ATF executive investigated for possible employee data breach - www.CNN.com, 06/27/2015

Wednesday, July 8, 2015

Patient IDs Stolen from Hospitals Used in Tampa Tax Fraud Scheme

A Tampa woman and her husband have been sentenced to federal prison for their part in identity theft tax fraud scheme.

Using stolen identities, many from hospitals and ambulance services, they conspired with others from 2011 to 2013 to file false tax returns worth about $5 million in refunds and to obtain more than 300 prepaid debit cards.

"Many of the 7,000 names were stolen from health facilities." - Court documents
Unfortunately, as is often the case, the identity thefts were discovered by law enforcement rather than tho organization holding the personal identifying information (PII). It is also unclear why the thefts went on for two years. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stolen ID scheme sends Tampa couple to federal prison - www.TBO.com, 07/02/2015

Tuesday, July 7, 2015

Employee Stole Customer IDs for Loan Fraud Scheme

While employed at a payday loan and check cashing company in Kentucky a woman allegedly stole identities of former customers so that she could apply for fraudulent loans.

The identity thefts and fraud scheme took place from about March to June of 2015. The amount of money allegedly taken by the now former employee was not disclosed, but there are over 50 victims in this case.

"she was found to have allegedly taken out fraudulent loans in the names of former customers."
- The Ledger Independent
The fraud was uncovered because of a bank deposit incident where a customer was found to have not actually have a loan with the company. Rather than learn of identity thefts and privacy data breaches from third parties, organizations can detect them proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Cash Express employee arrested - www.Maysville-online.com, 07/03/2015

Monday, July 6, 2015

Hospital Insider Breached Privacy of 3,200 Patient Records

A certified nursing assistant illegally accessed 3,200 patient records outside their current job responsibilities. This employee was fired during the breach investigation.

Stolen data may have included names, dates of birth, addresses, medications, medical tests and results, the last four digits of social security numbers, and other clinical information. The former employee may have also accessed insurance information.

"We have been unable to determine the exact information that the employee viewed... ."
- Hospital press release
It is disturbing that the hospital "has been unable to determine the exact information that the employee viewed." Healthcare organizations seeking to know exactly which data was accessed can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) PrintPrint HomeHome / Orlando Health Access Incident Information Orlando Health Access Incident Information - www.OrlandoHeath.com, 07/02/2015

Thursday, July 2, 2015

Cop Snooped in Friend's Police Database Record

A Canadian policewoman snooped through confidential police records and reported its contents to a friend. This unauthorized use of police databases will cost her three days' pay and force her to stay home for 20 days.

Even though her motivation was to help a friend, the 18-year veteran cop, "should have known better" according to hearing officer Acting Deputy Chief Don Sweet. The privacy breach came to light when a third party asked for an investigation.

"conduct would not be deemed acceptable by the public and it is in the public interest that she be held accountable." - Acting Deputy Chief Sweet
Unfortunately, privacy breaches are often only discovered after a third party makes an inquiry. Organizations seeking to proactively detect privacy breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) title - www.OttawaSun.com, 06/26/2015

Wednesday, July 1, 2015

State Employee Stole Personal Data from State Systems for ID Theft Tax Fraud Scheme

A woman who worked at two Alabama state agencies, the Department of Public Health and the Department of Human Resources, has been sentenced to seven years in prison for stealing identities and using them for a tax refund fraud scheme.

In both positions, she had access to the personal identifying information (PII) of individuals. Beginning in 2012, she stole PII from the state agencies and provided the information to a co-conspirator to be used to file more than 3,000 fraudulent federal income tax returns claiming more than $7.5 million in tax refunds using the stolen information provided by the state employee.

" In both positions, she had access to the personal identifying information of individuals."
- Department of Justice Documents
It seems the IRS discovered the identity thefts, not the organizations holding the PII. Rather than learn of identity thefts and privacy breaches from third parties, organizations can proactively detect them by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Alabama State Employee Sentenced to Prison for Stealing Identities for Tax Refund Fraud Scheme - www.DataBreaches.net, 05/20/2015

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.