LivingSocial Probe Leads Breach Roundup
2 State Attorneys General Investigate Incident
In this week's breach roundup, two state attorneys general are seeking information from LivingSocial regarding a network breach that affected as many as 50 million accounts. Also, a North Carolina clinic is notifying more than 17,000 patients about a breach involving X-rays.
AGs Seek Info on LivingSocial Breach
Connecticut Attorney General George Jepsen and Maryland Attorney General Douglas Gansler are seeking information from LivingSocial regarding an April 26 network breach that impacted as many as 50 million accounts (see: LivingSocial Hack: Unanswered Questions).
"It's important to evaluate how this breach happened and what information was compromised so that we can ensure consumers are properly protected now and in the future," Jepsen said.
The attorneys general have asked LivingSocial to provide a detailed timeline of the incident, including when and how the company learned of the data breach, as well as a breakdown of the number of affected individuals in each state and the types of information compromised.
Other information sought includes password protections, information storage and internal security systems the company had in place and whether the company has received any reports or complaints from users about unauthorized charges.
LivingSocial, which offers featured discounts and daily deals for stores worldwide, revealed that compromised information included e-mail addresses, encrypted passwords and dates of birth for some users. It requested that users reset their passwords. And it stressed that a separate database that stores customer credit card information was not hacked.
17,000 Affected by X-Ray Breach
Raleigh Orthopaedic Clinic in North Carolina is notifying more than 17,000 patients about a breach involving their X-ray information.
In January, the clinic hired a vendor to transfer old X-ray films into electronic format, according to a news release. But the unnamed vendor never provided the electronic versions of the film. Once the organization investigated during the first week of March, it discovered that it was the victim of a scam.
"It appears that the X-ray films were sold to a recycling company in Ohio that harvested the silver from the films," the release said. "Raleigh Ortho believes the films were ultimately destroyed."
Compromised information includes the X-rays, patients' full names and their dates of birth.
California Birth Records Exposed
The California Department of Public Health has discovered that microfiche containing state birth records with information on about 6,000 individuals was stored in an unsecure location not owned by the state.
Compromised information includes names, addresses, Social Security numbers and some medical information.
"The birth records are only of persons born or a parent of a person born in certain months in 1974 in nine specific counties," the department said in an FAQ.
Patients Notified of Misplaced USB Drive
The University of Rochester Medical Center in New York is notifying 537 patients of a breach after a resident physician misplaced a USB computer flash drive that contained protected health information.
The USB drive was used to transport information used to study and continuously improve surgical results, URMC said in a statement.
Compromised information includes patient names, gender, age, date of birth, weight, telephone number, medical record number, physician's name, date of service, diagnosis, diagnostic study, procedure, and complications, if any.