Category Archives: Breaches

Breach Notifications

Avanti Markets’ vending company PCI Breach

On July 4, 2017, Avanti Markets of Tukwila, Washington discovered that some of their self-checkout payment kiosks had been affected by malware which stole payment card information. Name, credit card number, and expiry date information was stolen, including some customer biometric data.

Avanti Market self-checkout kiosks allow breakroom customers to buy food and drinks with cash, credit cards, or via a fingerprint scan (biometrics).

Colorado Medicaid Data Breach of 822

From March 1 to May 10, 2017, 12 Medicaid billing reports containing PHI were available at an Internet URL. The billing reports included names, Medicaid numbers, doctors' names, costs, and services rendered for approximately 822 people. SSNs, dates of birth, and addresses of patients were not included. The Medicaid program is managed (and reviewed for security) by the Colorado Department of Health Care Policy and Financing. Part of the Medicaid payment system is provided by contractor DXC Technology, which went live March 1st.

When DXC Technology went live on March 1st, providers immediately began to complain about lag and denials in requests for reimbursement.  Some smaller doctor and therapist organizations claim to have been forced to take out loans or use credit cards to make their employee payroll.  DXC Technology has claimed they have no reason to believe this information has been used inappropriately and is offering one free year of ID theft protection.
 

North Dakota Medicaid PHI in dumpster

On May 8, 2017, a workforce member of the North Dakota Department of Human Services (NDDHS) discarded NDDHS Medicaid claim worksheets. The worksheets were found in a dumpster in Bismarck, North Dakota and recovered on May 10, 2017. The worksheets contain Medicaid names, dates of birth, diagnosis codes, Medicaid provider numbers, Medicaid ID numbers, dental work details, etc.

NDDHS is offering one year of free credit/ID monitoring to those affected, but they must notify NDDHS before September 5, 2017. NDDHS has set up a toll-free number to address any questions regarding the incident, to request free credit/ID theft monitoring, or to obtain a hard copy of the guidance offered by the ND Attorney General’s Office. The toll-free contact number is 1-844-345-8048 (ND Relay TTY 1-800-366-6888) and it will be monitored until September 5, 2017.

At any time of the year, you can request a fraud alert from one of the three credit bureaus:
Equifax: 888-766-0008 or https://www.alerts.equifax.com/AutoFraud_Online
Experian: 888-397-3742 or https://www.experian.com/fraud
TransUnion: 800-680-7289 or https://fraud.transunion.com

100k FAFSA apps hacked using autopopulate bug

It started with criminals filling out Free Application for Federal Student Aid (FAFSA, aka federal student loan) forms but then circumventing the website's access controls. The hackers were then able to get other applicants' information used for tax returns and submit their own phony tax returns to try to steal refunds.

The hackers were taking advantage of a faulty module in the site called IRS Data Retrieval, which auto-populates your online federal student loan application using your already known tax return info.

The IRS claimed that in November 2015 they notified the Department of Education about these security concerns (breach) but the IRS didn't actually disable the exposure until March 2017.  The IRS has flagged at least 100,000 accounts as a result.

Individuals can still apply through FAFSA but will need to enter their information manually.