Celebrity Breach Leads RoundupInformation Posted on Public Website
In this week's breach roundup, federal authorities are investigating how personal information on prominent Americans, including first lady Michelle Obama, ended up on a public website. Also, the University of Connecticut Health Center reports a breach affecting 1,400 patients.
See Also: The Global State of Online Digital Trust
Hack of Celebrities Investigated
The Federal Bureau of Investigation and the Secret Service are joining with credit bureau Equifax to investigate how personal information about celebrities, including first lady Michelle Obama, ended up on a public website.
Social Security numbers, telephone numbers, addresses and credit reports for 18 prominent Americans appeared on a website March 11, according to Reuters.
Other individuals listed on the site included Vice President Joe Biden, singers Beyonce and Jay-Z, FBI Director Robert Mueller and former Secretary of State Hillary Clinton. Investigators, however, are attempting to determine whether the information posted about the celebrities was accurate, Reuters reported."Equifax can confirm that fraudulent and unauthorized access to an isolated number of consumer credit reports has occurred through the annualcreditreport.com channel, a free public service that allows all consumers to get annual access to their credit report," the credit bureau said in a statement to DataBreachToday.
"Our initial investigation shows the perpetrators had the PII of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place," Equifax said.
Univ. of Conn. Health Center Reports Incident
The University of Connecticut Health Center reports that a former employee inappropriately accessed about 1,400 patient records.
Exposed information on those patients included names, addresses, dates of birth and, in some cases, Social Security numbers and health information, according to a notice posted to the hospital's website.
The health center said there's no evidence that the patient information inappropriately accessed was used for any purpose.
University of Connecticut Health Center requires all employees to undergo training about patient privacy upon hiring and offers continuous training to reinforce the education, according to the notice. As a result of the incident, the health center is evaluating all its education and monitoring efforts.
Affected individuals are being offered free credit monitoring services, along with insurance coverage, for two years.
UK Fines Receptionist for Snooping
The UK Information Commissioner's Office has fined a former receptionist at a clinic in Southampton, England, for unlawfully obtaining medical information relating to her ex-husband's new wife.
Marcia Phillips was prosecuted under the Data Protection Act and fined Â£750 and ordered to pay a Â£15 victim surcharge and Â£400 prosecution costs.
Phillips accessed the information on 15 separate occasions over a 16-month period while working as a receptionist at the Bath Lodge Practice, according to a statement from the ICO. "The breach became apparent after Phillips left her job and sent a text message to her ex-husband's partner referring to highly sensitive medical information taken from her medical record," the ICO said.
"This case clearly shows the distress that can be caused when an individual uses a position of responsibility to illegally access sensitive personal information," says David Smith, deputy commissioner and director of data protection. "Ms. Phillips knew she was breaking the law, but continued to do so in order to cause harm to her ex-husband's new wife."