PrivacySignal

Search & browse the archive

The full corpus — beyond today's front page.

25 results · page 1 of 2

Breach
DataBreaches.net · International

First Circuit Affirms Dismissal of Data Breach Class Action for Lack of Traceable Injury

Melanie Conroy of Pierce Atwood LLP writes: The First Circuit recently affirmed dismissal of a putative data breach class action against Bayamón Medical Center (BMC), holding that the plaintiff failed to plausibly allege that her injuries were traceable to the healthcare provider’s 2019 ransomware attack. In Santos-Pagán v. Bayamón Medical Center, the court concluded that allegations...

Who should care: Cybersecurity · Privacy officers · Administrators

#breach #security

Breach
BleepingComputer · International

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

Breach
HIPAA Journal · US Federal

Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit

Okanogan Behavioral Healthcare, a Washington-based mental and behavioral health provider, has reached a class action settlement following a data breach that exposed patient information. The settlement resolves claims brought by affected individuals whose personal and health data was compromised.

Why this matters: Breaches at behavioral health providers are particularly sensitive, as exposed data can include mental health diagnoses, treatment histories, and substance use records — information that carries stigma and potential consequences for employment, custody, or insurance if disclosed.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

#breach #enforcement #healthcare

Healthcare
HIPAA Journal · US Federal

Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches

Data security incidents have been announced by the Colorado Health Network and Kentucky Mountain Health Alliance. In both cases, only […]

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare

Healthcare
HIPAA Journal · US Federal

Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches

Data breaches have been announced by Minnesota Epilepsy Group, Campbell University, and the City of Middletown, Ohio. Minnesota Epilepsy Group […]

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare

Breach
DataBreaches.net · International

Colorado Health Network Notifies Patients of Last Year’s Breach—But Key Details Remain Undisclosed

In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that...

Who should care: Cybersecurity · Privacy officers · Administrators

#breach #security

Breach
HIPAA Journal · US Federal

Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit

Bradford Health Services and Bradford Health Partners have reached a settlement in litigation stemming from a December 2023 cybersecurity incident that compromised patient data held by the Alabama-based behavioral health provider network.

Why this matters: Breaches at behavioral health organizations carry heightened sensitivity, as exposed records can include mental health, substance use, and treatment details — information whose disclosure may carry lasting personal, professional, or legal consequences for affected individuals.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

#breach #enforcement #healthcare

Breach
HIPAA Journal · US Federal

Hillcrest Convalescent Center Settles Class Action Data Breach Litigation

Hillcrest Convalescent Center, a skilled nursing and rehabilitation facility in Durham, North Carolina, has reached a settlement in a class action lawsuit stemming from a data breach affecting patient information.

Why this matters: Healthcare facilities hold among the most sensitive personal data — medical histories, diagnoses, and financial details — making breaches particularly consequential for vulnerable patients who had little choice but to share that information to receive care.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach #healthcare

Breach
TicketNews · International

MSG Data Breach Lawsuit Puts Dolan’s Facial Recognition/Data Fight in Spotlight

A lawsuit targeting Madison Square Garden over a data breach has drawn renewed attention to owner James Dolan's broader use of facial recognition technology and the data practices surrounding it, raising questions about how biometric information collected at venues is stored and secured.

Why this matters: The case highlights the risks individuals face when venues collect biometric data without robust safeguards — a breach doesn't just expose names or emails, but potentially immutable physical identifiers that cannot be changed if compromised.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

#breach #enforcement #surveillance #privacy

Breach
EDPS · EU

Managing Shadow AI’s Hidden Data Breach Risk

Mon, 06/15/2026. The use of unauthorised AI tools that can expose personal data, create regulatory blind spots, and open security vulnerabilities. Blogpost by Wojciech Wiewiórowski.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · AI governance · Policy

#breach #regulation #ai #security

Breach
EDPB · EU

EDPB meets with EU Commissioner McGrath and adopts common data breach notification template

The European Data Protection Board held its latest plenary session, meeting with EU Commissioner Michael McGrath to discuss shared priorities including the Digital Omnibus package, while also formally adopting a standardized template for data breach notifications across member states.

Why this matters: A unified breach notification template streamlines how individuals learn when their personal data has been compromised, potentially strengthening timely transparency. The EDPB's cautionary signal on the Digital Omnibus suggests concern that proposed regulatory changes could dilute existing data protection standards.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · AI governance · Compliance

#breach #gdpr #regulation

Breach
FTC Consumer Protection · US Federal

FTC Gives Final Approval to Order Against Illuminate Settling Allegations It Failed to Secure Students’ Personal Data

The FTC has finalized a settlement with Illuminate Education over a data breach that exposed millions of students' personal information. The order mandates a formal security program, restrictions on how much student data the company may collect and retain, and deletion of data deemed unnecessary.

Why this matters: Students have little say in whether their schools share their data with third-party vendors, making robust regulatory enforcement a primary safeguard. The order's data minimization and deletion requirements acknowledge that limiting collection in the first place reduces exposure when security measures inevitably fall short.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach #enforcement

Breach
EDPB · EU

The Italian SA fined Poste Vita for data breach

Italy's data protection authority issued an administrative fine against insurance firm Poste Vita S.p.A. following a customer complaint alleging unauthorized disclosure of personal data. The regulator found violations of GDPR principles governing data processing and breach-notification obligations.

Why this matters: The case underscores that insurers hold sensitive personal and financial data, and failures to secure or promptly report breaches leave individuals exposed without timely recourse — a reminder that notification rules exist to protect people, not just satisfy regulators.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach #enforcement

Breach
IAPP · International

Why data mining is functionally required after a HIPAA breach

Following a HIPAA breach, covered entities are effectively compelled to conduct extensive data mining to identify which records were exposed, assess the scope of harm, and meet regulatory notification obligations — making deep internal data analysis a practical necessity rather than an optional step.

Why this matters: The requirement to mine patient data post-breach, while protective in intent, means sensitive health information is subjected to broad internal scrutiny. How organizations scope, log, and retain that analysis introduces secondary privacy risks that HIPAA's breach framework does not fully address.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach #healthcare

Breach
Krebs on Security · International

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

Who should care: Cybersecurity · Privacy officers · Administrators

Breach
Information Commissioner's Office · UK

Fine of nearly £1m issued against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

The UK's Information Commissioner's Office has levied a fine of approximately £1 million against South Staffordshire Plc and its water utility subsidiary following a significant cyberattack that resulted in a personal data breach affecting customers.

Why this matters: When critical infrastructure operators fail to secure personal data, ordinary people bear the consequences of exposed information with little recourse. Regulatory penalties signal that custodians of sensitive data face accountability, reinforcing individuals' right to expect adequate protection.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach #enforcement

Breach
The Guardian — Privacy · International

UK Biobank has my data, but I’m not worried. I know the benefits are too great to consider pulling out | Polly Toynbee

A dataset from UK Biobank — a large longitudinal health research repository — reportedly appeared for sale on Alibaba's platform in China, prompting concern among researchers and a warning from UK Science Minister Patrick Vallance that further such attempts are anticipated. Columnist Polly Toynbee argues the research value of such studies outweighs the risks.

Why this matters: The incident illustrates that even well-governed research databases carrying sensitive, long-term health records are vulnerable to unauthorized distribution, raising questions about whether participants' informed consent extends to scenarios where their data surfaces on foreign commercial platforms beyond any regulator's reach.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach #healthcare

Breach
The Guardian — Privacy · International

More private health records of UK Biobank volunteers appear on Chinese website

Additional confidential health records from UK Biobank's 500,000 volunteers have appeared for sale on Alibaba following last week's initial breach, with Science Minister Patrick Vallance confirming the government is coordinating with Chinese authorities to remove the listings and anticipating further exposures.

Why this matters: Volunteers donated sensitive biological and medical data under an expectation of research use, not commercial exposure; the ongoing resurfacing of that data on a foreign marketplace highlights how breaches of biomedical repositories can strip individuals of control over their most intimate personal information with limited immediate recourse.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach #healthcare

Breach
The Guardian — Privacy · International

Some Interrail travellers told to cancel passports as hacked data posted online

Eurail, which sells passes, says data being ‘offered for sale on dark web’ after December breach affecting 300,000 people

Holidaymakers across Europe are facing the stress and expense of getting new passports after their personal data was posted on the dark web after a hack of the Interrail company Eurail. Personal data, including passport numbers, names, phone numbers, email and home addresses and dates of birth of more than 300,000 European travellers was accessed in December. But this week Eurail revealed to customers that “data copied during the security incident has been offered for sale…

Who should care: Cybersecurity · Privacy officers · Administrators
