Athletes' medical records among leaked info in data security breach

Athletes’ medical records among leaked info in data security breach

Athletes’ medical records among leaked info in data security breach

An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands.

The leak at PIP printing, which has more than 400 locations in 13 countries, went on for four months before it was repaired Tuesday, cybersecurity experts involved in investigating the breach told NBC News. But there's no evidence that any hackers may have stumbled upon the files to use them for malicious purposes, they add.

The documents, which NBC News examined, ranges from emails revealing credit card and social security numbers to legal filings such as depositions, subpoenas and labor lawsuits. Extensive medical records belonging to high-profile athletes were also at risk.

PIP owner Michael Bluestein told NBC News that the breach appeared to stem from a third-party IT firm that accidentally misconfigured the backup protocols — essentially leaving a "back door" open in the system.

Read Also:
Big data techniques help paralyzed patient regain movement

"After discovering the breach, we acted quickly to lock down access to our database," Bluestein said. "We immediately strengthened our security controls. We changed all passwords, took offline all computers that may have been affected and brought in forensic IT experts."

Bluestein added that stronger-than-normal protections are being employed to further lock down the PIP system: "New firewalls are being installed. We are even going above the recommended security measures by also creating closed VPNs (virtual private networks) for our backup files," he said.

Bob Diachenko, whose firm Mackeeper Security Research Center investigated the breach, said it was first discovered in October.

The data breach potentially allowed access to sensitive labor filings on behalf of NFL players, such as disability claims with extensive HIPAA-protected medical records attached.

The NFL and the National Football League Players Association, a union for the players, both declined to comment on the private records of their athletes being exposed in the security breach.

Read Also:
WhatsApp Will Start Sharing Data, Including Phone Numbers, With Facebook

One particularly salacious set of documents released in the leak pertained to a lawsuit filed against Hustler by a former male employee who claimed adult magazine publisher Larry Flynt's daughter sexually harassed him.

The suit was covered in the press after it was filed — but according to the leaked internal company documents, Hustler officially terminated the employee for failing to detect a "theft ring" at the Hustler Hollywood stores he oversaw as a district manager.



Read Also:
Next-Generation Dashboards for Drilldowns into Real-Time Big Data
Read Also:
Next-Generation Dashboards for Drilldowns into Real-Time Big Data
Read Also:
GDPR boom time for ‘data protection officers’
Read Also:
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
Read Also:
Luggage Tag Code Unlocks Your Flights, Identity to Hackers

Leave a Reply

Your email address will not be published. Required fields are marked *