At a glance.
- SEC settles data breach protocol case.
- Kroger settles with Accellion breach victims.
- Recent healthcare data breaches.
- Aadhaar breach reported in Tamil Nadu.
SEC settles with company over deficient breach reporting protocol.
JD Supra reports that the US Securities and Exchange Commission (SEC) reached a settlement with an unnamed company regarding its reporting of a recent data breach. The SEC claims that the incident was evidence that the company had violated Rule 13a-15 of the Exchange Act, which covers required breach disclosure procedures. The company leaders took immediate action when they learned of the system vulnerability, but the SEC argues that the senior employees were not informed of the issue until several months after it was first detected, indicating that the company’s notification procedures were inadequate. The company agreed to a cease-and-desist order and paid nearly $500,000 in penalties.
Kroger reaches settlement with Accellion breach victims.
As the repercussions of the recent Accellion data breach continue to unfold, a preliminary approval motion for a proposed class action settlement was filed Wednesday stating that Kroger will pay $5 million to resolve the claims made against the grocery store chain on behalf of the 3.82 million customers and employees who were impacted. As Reuters reports, the plaintiffs alleged that Accellion and Kroger did not have proper protections in place to ensure the safety of their data. As part of the deal, Kroger has agreed to switch to a different file transfer application, secure or delete the compromised data, and revamp its third-party vendor risk management program.
A roundup of US healthcare sector breaches:
After hackers published images of personal data stolen from the systems of University Medical Center, the Nevada-based nonprofit hospital has confirmed it experienced a breach, SecurityWeek reports. The attackers infiltrated a storage server in mid-June, and the images depicted driver’s licenses, passports, and Social Security cards of about half a dozen individuals. There is no evidence that any clinical systems were accessed.
Becker's Hospital Review reports that UW Health’s patient portal Epic MyChart was breached, exposing the data of more than four thousand patients of the Wisconsin-based hospital. An unidentified third party gained unauthorized access to patient portal accounts in April and May and potentially viewed clinical and health insurance info.
In Illinois, the information of over 200,000 Northwestern Memorial HealthCare patients was exposed through the breach of cancer software vendor Elekta, Becker's Hospital Review reports. Elekta, based in Stockholm, has alerted the Federal Bureau of Investigation and notified impacted entities, which include forty-two health systems across the US.
Tamil Nadu breach exposes millions of Aadhaar numbers.
Bengaluru cybersecurity startup Technisanct has found that Tamil Nadu’s public distribution system experienced a breach exposing the Aadhaar card numbers, addresses, and cellphone numbers of over 5.2 million users, The Hindu reports. The threat group responsible for the attack, which goes by the name 1945VN, released the data on a hacking forum. Technisanct founder Nandakishore Harikumar stated, “Our team is further assessing the depth of the breach with special emphasis on the number of Aadhaar records publicly exposed as it is crucial to protect data belonging to citizens.”