2013, Insurance and Security - Information Management Today

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. for stealing data on nearly 10 million customers of the Australian health insurance giant Medibank.

Retail

Retail Ransomware Marketing Healthcare

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

Rescator added that there was a second database of around 80,000 corporations that included social security numbers, names and addresses, but no financial information. As it happens, Rescator’s criminal hacking crew was directly responsible for the 2013 breach at Target and the 2014 hack of Home Depot. billion in 2013.

Sales

Sales Retail Insurance IT

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 This week, the U.S. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. info and findget[.]me,

Insurance

Insurance Communications Authentication Access

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

APRIL 28, 2021

Bill Demirkapi , an independent security researcher who’s currently a sophomore at the Rochester Institute of Technology , said he discovered the data exposure while shopping around for student loan vendors online. . Data security has always been, and always will be, our highest priority.” 27, 2021).

Insurance

Insurance Access Authentication Security

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. Other investors included J.P.

Compliance

Compliance Security Cybersecurity Marketing

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV Date of breach: 19 September 2013 (AlphV uploaded first part of data to its website on 19 October 2023). D-Link Corporation Provides Details about an Information Disclosure Security Incident Date of breach: 2 October 2023.

Data Privacy

Data Privacy Privacy Security Data breaches

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

The security breach was discovered earlier this year, hackers also accessed data stored in the Literacy Works Information System and a legacy unemployment insurance service database. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers.

Data breaches

Data breaches Insurance Access Security

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

NOVEMBER 20, 2013

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”).

Insurance

Insurance Personal data Authentication Records Management

New Payment Technologies Should Reduce Demand for Cyber Insurance

Hunton Privacy

NOVEMBER 6, 2014

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: As the demand for cyber insurance has skyrocketed, so too has the cost. One broker estimates that sales in 2014 will double from the $1 billion premium collected in 2013. As these payment technologies become prevalent in the U.S.,

Insurance

Insurance Retail Sales Risk

Insurance Policy’s Statutory Rights Exclusion Does Not Apply to Data Breach Claims

Hunton Privacy

OCTOBER 15, 2013

On October 7, 2013, the United States District Court for the Central District of California held that a general liability insurance policy covered data breach claims alleging violations of California patients’ right to medical privacy. Hartford Casualty Insurance Co. Corcino & Associates , CV 13-03728-GAF (C.D.

Insurance

Insurance Data breaches Privacy Security

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Hunton Privacy

FEBRUARY 24, 2014

Securities and Exchange Commission that its health insurance subsidiary, Triple-S Salud, Inc. Triple S”), which is Puerto Rico’s largest health insurer, will be fined $6.8 million for a data breach that occurred in September 2013. Triple-S Management Corporation reported in the 8-K it recently filed with the U.S.

Insurance

Insurance Data breaches IT Security

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

JULY 16, 2021

According to the Regulators, the Proposed Guidance largely would adopt the text of the OCC’s 2013 guidance, broadening its scope to include organizations supervised by all three Regulators.

Risk

Risk Insurance Sales Encryption

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

The settlement stemmed from the theft of two laptops stolen from Horizon headquarters in November 2013, when personnel from outside vendors performing renovations and moving services at Horizon’s Newark headquarters had unsupervised access to the area where company laptops were stored. Under the terms of the settlement, in addition to the $1.1

Insurance

Insurance Privacy Encryption Passwords

Experian API exposed credit scores of tens of millions of Americans

Security Affairs

MAY 3, 2021

The issue was reported to KrebsOnSecurity by the independent security researcher Bill Demirkapi , who discovered the data exposure while shopping around for student loan vendors online. Data security has always been, and always will be, our highest priority.”. But this doesn’t address the systemic issue at all.”. Pierluigi Paganini.

Insurance

Insurance Access Authentication Security

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The man operated the Cardplanet site between at least early 2009 through at least August 2013. The membership also requested a sum of money, normally $5,000, as insurance. The post The man behind Cardplanet credit card market sentenced to 9 years in prison appeared first on Security Affairs. Pierluigi Paganini.

Marketing

Marketing Sales Insurance Access

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Hunton Privacy

JUNE 13, 2023

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”).

Risk

Risk Insurance Compliance Information Security

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

9 million records breached through decade-long data leak A former temporary employee of a subsidiary of NTT West (Nippon Telegraph and Telephone West Corp) illegally accessed about 9 million personal data records over the course of a decade (2013 to 2023). Breached records: more than 56 million.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

JANUARY 16, 2021

The Court held that OCR’s civil monetary penalty for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule was “arbitrary, capricious, and otherwise unlawful.”. OCR investigated and imposed the $4.3

Encryption

Encryption Privacy Insurance Security

OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations

IG Guru

NOVEMBER 26, 2019

Department of Health and Human Services (HHS) has imposed a $1,600,000 civil money penalty against the Texas Health and Human Services Commission (TX HHSC), for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules between 2013 […]. The post OCR Imposes a $1.6

Insurance

Insurance Privacy Security Records Management

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

million civil monetary penalty against Children’s Medical Center of Dallas (“Children’s”) for alleged ongoing violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules, following two consecutive breaches of patient electronic protected health information (“ePHI”).

Privacy

Privacy Security Insurance Encryption

Hacker Charged With Extorting Online Psychotherapy Service

Krebs on Security

NOVEMBER 3, 2022

In 2013, Kurittu worked on investigation involving Kivimaki’s use of the Zbot botnet, among other activities Kivimaki engaged in as a member of the hacker group Hack the Planet. Among those who grabbed a copy of the database was Antti Kurittu , a former criminal investigator at the Helsinki Police Department.

Data breaches

Data breaches Records Management Insurance Archiving

Who is Tech Investor John Bernard?

Krebs on Security

SEPTEMBER 25, 2020

Mr. Davies was charged with murder and fraud after he attempted to collect GBP 132,000 in her life insurance payout, but British prosecutors ultimately conceded they did not have enough evidence to convict him. A search on John Clifton Davies and Iryna turned up this 2013 story from The Daily Mirror which says Iryna is John C.

Insurance

Insurance IT

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Luckily for cybersecurity startups, there’s no shortage of interest in tomorrow’s next big security vendors. billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. How Do VC Firms Work? AllegisCyber Investments.

Cybersecurity

Cybersecurity Cloud Marketing Security

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

DECEMBER 3, 2018

I have a Yahoo email account, I’ve shopped at Home Depot and Target , my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management , I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco.

Authentication

Authentication Military Access Insurance

Credit Reporting Companies Put Customer Data at Risk

Adam Levin

MAY 19, 2021

An undergraduate student at Rochester Institute of Technology named Bill Demirkapi discovered the most recent security failure. The information included driver’s licenses , credit card , and Social Security numbers. The data included addresses, birthdays, and even Social Security numbers. Takeaways .

Risk

Risk Data breaches Cybersecurity Insurance

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

JUNE 30, 2021

Ronnie Tokazowski is a threat researcher at Agari , a security firm that has closely tracked many of the groups behind these advanced fee schemes [KrebsOnSecurity interviewed Tokazowski in 2018 after he received a security industry award for his work in this area]. ” ANY METHOD THAT WORKS. Image: Agari.

Insurance

Insurance IT Education Government

North Dakota Amends Breach Notification Law to Cover Health Information

Hunton Privacy

AUGUST 1, 2013

On April 19, 2013, the North Dakota legislature amended the state’s breach notification law (Section 51-30-01 of the North Dakota Century Code) to expand the definition of “personal information” to include “health insurance information” and “medical information.” The amendments took effect on August 1, 2013.

Insurance

Insurance Security Privacy

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

The Security Ledger

APRIL 27, 2021

The post Episode 212: China’s Stolen Data Economy (And Why We Should Care) appeared first on The Security Ledger with Paul F. Back in 2013, news that hackers stole data on tens of millions of customers of the software maker Adobe dominated the headlines for days. Read the whole entry. » Waiting for Federal Data Privacy Reform?

Data breaches

Data breaches Big data Retail Insurance

HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules

Hunton Privacy

JANUARY 17, 2013

The Final Rule will become effective March 26, 2013, with covered entities and business associates obligated to comply with the new requirements by September 23, 2013. The Final Rule comes two and a half years after the proposed rule was published in July 2010.

Privacy

Privacy Security Insurance Marketing

D.C. Circuit’s Article III Standing Decision Deepens Appellate Disagreement

Hunton Privacy

AUGUST 10, 2017

Circuit reversed the dismissal of a putative data breach class action against health insurer CareFirst, Attias v. The court found that the complaint did in fact allege the theft of Social Security numbers and payment card information. On August 1, 2017, a unanimous three-judge panel for the D.C. CareFirst, Inc. , 16-7108, slip op.

Insurance

Insurance Data breaches Risk Access

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

HHS Announces 1.7 Million Dollar Settlement with WellPoint for Potential HIPAA Privacy and Security Rule Violations

Hunton Privacy

JULY 12, 2013

On July 11, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1.7 following a security breach that affected over 600,000 individuals. million settlement with WellPoint Inc. In a not-so-subtle hint of OCR’s future intentions, the press release also mentioned that “Beginning Sept.

Privacy

Privacy Security Insurance Access

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

DECEMBER 3, 2018

Each Referential lists the purposes of the data processing in question, the legal basis for that data processing, the types of personal data that may be processed for those purposes, the data retention periods and the associated security measures.

GDPR

GDPR Personal data Insurance Education

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

Obama Administration Releases Incentive Reports on Cybersecurity

Hunton Privacy

AUGUST 7, 2013

On August 6, 2013, the Obama Administration posted links on The White House Blog to reports from the Departments of Commerce , Homeland Security and Treasury containing recommendations on incentivizing companies to align their cybersecurity practices with the Cybersecurity Framework.

Cybersecurity

Cybersecurity Insurance Risk Security

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Hunton Privacy

SEPTEMBER 23, 2013

Today, September 23, 2013, marks the deadline for compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule that was issued in January 2013. Change the notice of privacy practices to be distributed to individuals.

Compliance

Compliance Privacy Insurance Risk

Chronicle of a Records Manager: Controlling the Chaos of Disaster Response and Recovery

ARMA International

APRIL 28, 2022

I have been a member of the OAR staff at the ANO since March 2013. The plan was to meet the insurance coordinator at the Howard Avenue office at 8:30 a.m. I was aware that I would need documentation on damage and losses for insurance and internal purposes. The insurance coordinator proposed stabilizing in place.

Records Management

Records Management Archiving Insurance Communications

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

CGI

JANUARY 22, 2016

This blog focuses on the new Network and Information Security Directive (NISD) which was agreed at the same time and also has significant implications for business. The likely implications will be: Organisations will need to be able to demonstrate that they have taken ‘appropriate security measures’.

Insurance

Insurance GDPR Personal data Marketing

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. Raising awareness about ransomware is a baseline security measure. As training sessions have little influence over staff for every potential attack, it makes added security more imperative.

Ransomware

Ransomware Encryption Insurance Cloud

An Interview With the Target & Home Depot Hacker

Who Stole 3.6M Tax Records from South Carolina?

Trending Sources

First American Financial Pays Farcical $500K Fine

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Security Compliance & Data Privacy Regulations

Experian API Exposed Credit Scores of Most Americans

Automated Security and Compliance Attracts Venture Investors

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Maryland Department of Labor discloses a data breach

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

New Payment Technologies Should Reduce Demand for Cyber Insurance

Insurance Policy’s Statutory Rights Exclusion Does Not Apply to Data Breach Claims

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Experian API exposed credit scores of tens of millions of Americans

The man behind Cardplanet credit card market sentenced to 9 years in prison

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hacker Charged With Extorting Online Psychotherapy Service

Who is Tech Investor John Bernard?

Top VC Firms in Cybersecurity of 2022

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

Credit Reporting Companies Put Customer Data at Risk

We Infiltrated a Counterfeit Check Ring! Now What?

North Dakota Amends Breach Notification Law to Cover Health Information

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules

D.C. Circuit’s Article III Standing Decision Deepens Appellate Disagreement

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

HHS Announces 1.7 Million Dollar Settlement with WellPoint for Potential HIPAA Privacy and Security Rule Violations

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

HHS Announces HIPAA Settlement with UMass

Obama Administration Releases Incentive Reports on Cybersecurity

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Chronicle of a Records Manager: Controlling the Chaos of Disaster Response and Recovery

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

Ransomware Protection in 2021

Stay Connected