Quest Diagnostics issued a statement that billing collections service American Medical Collection Agency (AMCA) had potential unauthorized activity on AMCA’s web payment page, which could have compromised the data of about 11.9 million Quest patients. Lab results were not affected by this incident. Quest Diagnostics is continuing their investigation.
Update: LabCorp also revealed in an SEC filing that AMCA also had 7.7 million of their customer records affected in a similar incident.
Some of the more comprehensive lists of known data breaches include:
Identity theft victims can receive advice from these websites:
The Consumer Financial Protection Bureau (CFPB), a U.S. government agency that enforces federal consumer financial laws, publishes a list of companies that track data of U.S. consumers. The Fair Credit Reporting Act (FCRA) requires companies to give consumers copies of their personal data reports.
Some of the more relevant companies on this list include:
LexisNexis has a free personal report available which shows data compiled from various public sources.
An online dispute can be filed with Equifax, Experian, TransUnion, and LexisNexis if there are errors in a credit file.
The U.S. Copyright Office issued a new ruling effective October 28th 2018 that allows exceptions to the Digital Millennium Copyright Act of 1998 (DMCA). Section 1201 of the DMCA was used by some companies to restrict consumer and third party use of products containing software, including smartphones, computers, motor vehicles, and home appliances. This ruling allows greater legal protection for consumers and third party companies to repair and diagnose rightfully owned technology products.
Answers to some frequently asked questions on this ruling can be found at www.copyright.gov/1201/2018/faqs.html. General information on U.S. copyright laws is available at www.copyright.gov/help/faq/index.html.
Digital rights groups such as the Repair Association and the Electronic Frontier Foundation have issued their own responses regarding this ruling.
Google announced the scheduled end of the Google+ social network for non-enterprise users. Users have the next 10 months to move their data from Google+.
As part of this announcement, Google also stated that there was a bug in one of the Google+ People APIs that could have allowed data access to user data marked as private. This bug was noted and fixed by Google in March of 2018 and there was no evidence that this data was misused. Some of the optional user fields in this bug included name, email address, occupation, gender and age.
Google+ users who access it through G Suite will not be affected by this change. More information is available at the Google+ FAQ page.