Data Breach

DARTMOUTH -- Six guards at the Bristol County House of Correction have been issued termination notices for allegedly stealing confidential medical, financial, and personnel information from the sheriff's computer, officials said. Sheriff Thomas Hodgson declined to identify the officers but said Wednesday that disciplinary hearings will be held to determine whether the guards should be fired. The officers received termination notices because the allegations rise to the level of possible dismissal, officials said.

It will cost South Shore Hospital in Weymouth $750,000 to settle charges related to a 2010 data breach that compromised the personal information of more than 800,000 people. The settlement, approved Thursday in Suffolk Superior Court, included a civil penalty of $250,000 and $225,000 for a fund to be used by the office of Massachusetts Attorney General Martha Coakley to promote education on the protection of personal data. South Shore Hospital was also credited for $275,000 it spent on security measures following the breach.

SALT LAKE CITY - An additional 750,000 people had their personal information stolen by hackers, Utah health officials said Monday after discovering that the thieves downloaded thousands more files of data than authorities initially believed. Officials originally estimated that 24,000 state residents had their records stolen after a computer tracked to Eastern Europe infiltrated a server beginning March 30. They then changed that number to 182,000 victims. Health officials now believe nearly 900,000 people have had their personal data stolen.

Utah's chief technology officer has resigned following the theft of hundreds of thousands of online medical records from state computers by unknown hackers. Gov. Gary Herbert on Tuesday announced a "comprehensive" response to the massive data breach, including the resignation of Stephen Fletcher, director of the state's Department of Technology Services. Herbert's office said the state also is hiring a public relations firm to handle crisis communications. Last month, hackers stole personal information of about 780,000 Medicaid recipients and participants in the Children's...

PORTLAND, Maine - Only those customers who weren't reimbursed for fraudulent charges may sue the Hannaford Bros. supermarket chain over a data breach that exposed 4.2 million credit and debit card numbers to computer hackers, a federal judge ruled. The decision by US District Judge D. Brock Hornby Tuesday dismissed all but one of the civil claims brought against Hannaford after the data breach was revealed in March 2008. But a separate lawsuit is still pending in Florida against Hannaford's sister company, Tampa-based Sweetbay.

Honda Motor Co. has apologized for a security breach involving a hacked database of customers in Canada. Honda said in an online statement the cyberattack exposed names, addresses and vehicle identification numbers. But the breach did not involve data that “would typically be used for identity theft or fraud’’ such as birthdates or credit card information. The Japanese automaker is notifying customers by mail. Kyodo News agency said Saturday about 280,000 accounts could be affected.

FRAMINGHAM - TJX Cos. said it has reached a settlement with several financial institutions tied to the massive data breach of customer information in 2005 and 2006. TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, said it paid $525,000 under the settlement - primarily reimbursing the banks for some of their expenses that stemmed from litigation tied to the incident. The four remaining financial institutions that sought to join as plaintiffs in a class-action suit - AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union, and Trustco bank - agreed to drop...

WASHINGTON -- A data breach that left some 40 million customer accounts vulnerable to hackers will lead to tighter security measures to protect millions of credit and debit card users, Federal Trade Commission officials said yesterday. CardSystems Solutions Inc. has settled charges it broke the law by failing to ensure adequate safeguards, resulting in millions of dollars in fraudulent purchases, the commission said. The settlement calls for better safeguards. The FTC could not seek civil penalties under the law it said CardSystems violated.

St. Elizabeth's Medical Center said Friday it is notifying 6,831 patients that their billing information, including credit card numbers and security codes, may have been compromised when documents the hospital planned to shred were removed by a vendor from a building scheduled for demolition. The papers did not include personal medical information and so far, there have been no reports that any of the billing data contained in the documents has been misused, according to hospital officials.

NEW YORK — EMC Corp.’s security-systems unit RSA offered to swap the SecurID tokens it provides to clients such as defense contractors and government agencies after a network breach disclosed in March resulted in the theft of RSA data. RSA will replace the tokens if the customer believes it is necessary, Helen Stefan, a spokeswoman, said in an interview. RSA’s defense-contractor clients include Lockheed Martin Corp., Northrop Grumman Corp. and Raytheon Co. In March, EMC, based in Hopkinton, Mass., said that a cyber attack resulted in information being taken...

WASHINGTON - The bad news piled up quickly for Carol Keller late last year. She was informed in December that her personal and medical information had been stolen nearly four months earlier when a Pentagon contractor left 25 computer tapes in the back seat of a Honda Civic in Texas. That explained the fraudulent purchases from her debit account, the Revere woman contends. Keller, who is married to a disabled Air Force veteran and relies on the Pentagon-run health insurance program called TRICARE, is among 70,000 military personnel, retirees, and their families across New England who are...

The Massachusetts Office of Consumer Affairs said Monday that it has been notified of data breaches affecting nearly 3.12 million people since late 2007 and Sept. 30 of last year. The vast majority of those breaches involved the loss of electronic information, such as Social Security or credit card numbers, and one reason why such information was so vulnerable was that it was often not properly encrypted, the office said. What happens in many cases is that a portable computer device is either lost or stolen.

SALT LAKE CITY - An additional 750,000 people had their personal information stolen by hackers, Utah health officials said Monday after discovering that the thieves downloaded thousands more files of data than authorities initially believed. Officials originally estimated that 24,000 state residents had their records stolen after a computer tracked to Eastern Europe infiltrated a server beginning March 30. They then changed that number to 182,000 victims. Health officials now believe nearly 900,000 people have had their personal data stolen.

St. Elizabeth's Medical Center said Friday it is notifying 6,831 patients that their billing information, including credit card numbers and security codes, may have been compromised when documents the hospital planned to shred were removed by a vendor from a building scheduled for demolition. The papers did not include personal medical information and so far, there have been no reports that any of the billing data contained in the documents has been misused, according to hospital officials.

ATLANTA (AP) — Visa Inc. has dropped the card processor involved in a massive data breach from its registry of providers that meet data security standards. Global Payments CEO Paul Garcia noted that the company continues to process Visa transactions, but that being dropped from the registry ‘‘could give our partners some pause that they're doing business with someone who experienced a breach. " Garcia said he expects to Global Payments to be reinstated once it has been issued a new report of compliance.

NEW YORK - A company that processes credit card transactions said Monday that as many as 1.5 million card numbers were compromised in a data breach early last month. The CEO of the company, Global Payments Inc., said the matter was "absolutely contained," but Visa dropped the company from its list of approved third parties that process transactions between stores and banks. The breach was revealed Friday when Visa and MasterCard said they had notified issuers of its credit cards.

NEW YORK -- AOL fired two employees and its chief technology officer left the company after a privacy breach that involved the intentional release of more than 650,000 subscribers' Internet search terms. AOL had substituted numeric IDs for subscribers' user names, but the search queries contained Social Security numbers, medical conditions, and other data traceable to individuals. The New York Times was able to trace user 4417749 to Thelma Arnold, 62, of Lilburn, Ga. Maureen Govern, the technology chief, will be replaced on an interim basis by John McKinley, who held that position before...

Top executives from Sony and online marketing firm Epsilon told lawmakers Thursday that they support federal legislation that would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach. Testifying at a House Commerce subcommittee hearing, the executives expressed support for national legislation to pre-empt a patchwork of varied state laws. The House Commerce Subcommittee on Commerce, Manufacturing and Trade held Thursday’s hearing after high-profile breaches at the two companies in recent months exposed...

Visa Inc. has dropped the card processor involved in a massive data breach from its registry of providers that meet data security standards. Global Payments CEO Paul Garcia noted that the company continues to process Visa transactions, but that being dropped from the registry "could give our partners some pause that they're doing business with someone who experienced a breach. " Garcia said he expects to Global Payments to be reinstated once it has been issued a new report of compliance.