Athletes' medical records among leaked info in data security breach

Athletes’ medical records among leaked info in data security breach

Athletes’ medical records among leaked info in data security breach

An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands.

The leak at PIP printing, which has more than 400 locations in 13 countries, went on for four months before it was repaired Tuesday, cybersecurity experts involved in investigating the breach told NBC News. But there's no evidence that any hackers may have stumbled upon the files to use them for malicious purposes, they add.

The documents, which NBC News examined, ranges from emails revealing credit card and social security numbers to legal filings such as depositions, subpoenas and labor lawsuits. Extensive medical records belonging to high-profile athletes were also at risk.

PIP owner Michael Bluestein told NBC News that the breach appeared to stem from a third-party IT firm that accidentally misconfigured the backup protocols — essentially leaving a "back door" open in the system.

Read Also:
Big data privacy is a bigger issue than you think

"After discovering the breach, we acted quickly to lock down access to our database," Bluestein said. "We immediately strengthened our security controls. We changed all passwords, took offline all computers that may have been affected and brought in forensic IT experts."

Bluestein added that stronger-than-normal protections are being employed to further lock down the PIP system: "New firewalls are being installed. We are even going above the recommended security measures by also creating closed VPNs (virtual private networks) for our backup files," he said.

Bob Diachenko, whose firm Mackeeper Security Research Center investigated the breach, said it was first discovered in October.

The data breach potentially allowed access to sensitive labor filings on behalf of NFL players, such as disability claims with extensive HIPAA-protected medical records attached.

The NFL and the National Football League Players Association, a union for the players, both declined to comment on the private records of their athletes being exposed in the security breach.

Read Also:
Predictive analytics can stop ransomware dead in its tracks

One particularly salacious set of documents released in the leak pertained to a lawsuit filed against Hustler by a former male employee who claimed adult magazine publisher Larry Flynt's daughter sexually harassed him.

The suit was covered in the press after it was filed — but according to the leaked internal company documents, Hustler officially terminated the employee for failing to detect a "theft ring" at the Hustler Hollywood stores he oversaw as a district manager.



Chief Analytics Officer Spring 2017

2
May
2017
Chief Analytics Officer Spring 2017

15% off with code MP15

Read Also:
Data breaches don’t just happen to the big companies

Big Data and Analytics for Healthcare Philadelphia

17
May
2017
Big Data and Analytics for Healthcare Philadelphia

$200 off with code DATA200

Read Also:
How cybercrime is putting Healthcare Information at risk?

SMX London

23
May
2017
SMX London

10% off with code 7WDATASMX

Read Also:
Rippleshot Uses Big Data Tools to Mitigate Credit Card Fraud
Read Also:
How cybercrime is putting Healthcare Information at risk?

Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
The 38 security statistics that matter most

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
Rippleshot Uses Big Data Tools to Mitigate Credit Card Fraud

Leave a Reply

Your email address will not be published. Required fields are marked *