Drugstore Penalty Leads Breach RoundupWalgreens Fined for Improper Disposal of Information
In this week's breach roundup, the Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, as well as certain confidential patient information. Also, an Arizona man was arrested for purchasing personal information online and then using it to commit financial fraud.
See Also: The Global State of Online Digital Trust
Walgreens Faces $16.6 Million Penalty
The Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, as well as certain confidential patient information, in dumpsters near their stores.
Among the waste found by investigators were "90 different pieces of evidence" featuring patient records, including prescription receipts and pill bottles containing patient names, dates of birth, drug names, prescription record numbers, and other information, says Karen Doty, San Diego County deputy district attorney and head of the district attorney's environmental protection unit.
Alameda Superior Court ordered Walgreens to pay the monetary penalty as part of a settlement between the retailer and 42 California district attorneys and two city attorneys.
Arrest in Identity Theft Case
A 34-year-old Arizona man was arrested for purchasing personal information online and then using it to prepare tax returns, placing the refund money on prepaid debit cards, according to a local news report.
The Sierra Vista Police Department was contacted by Cochise College, located in Douglas, Arizona, in February when it discovered a flash drive was left in a school computer. An investigation determined that 800 to 900 names and associated personal information were stored on it, the report said.
The information on the flash drive consisted of stolen identities and financial information of individuals from other states.
Detective Colin Festa said the names were illegally obtained by Internet phishing scams, "often via e-mails made to look like legitimate communications from credit card companies and banks," the report said. Osabuohien Odyssey Oronsaye, the man arrested, allegedly purchased the information online for $1.50 per name.
Oronsaye was indicted on December 5 by a federal grand jury in Tucson and charged with false claims, wire fraud, aggravated identity theft and access device fraud, the news report explained.
Helpline Callers' Info Compromised
A breach at a helpline charity in Derry, Northern Ireland, was caused by the collapse of a stack of boxes, according to the Belfast Telegraph.
The helpline is run by Contact NI, an independent counseling service.
Reports said the storage boxes collapsed and opened up an emergency door in Contact's sixth-floor office. Sensitive documents then fell out of the door and were blown around outside.
According to a BBC report, the documents contained caller information, such as first and second names, as well as personal accounts from counseling conversations.
As a result of the breach, Contact NI has introduced new measures, including a paperless system for data management, the Belfast Telegraph reported.