Cyber Security & Privacy News | Hippogriff LLC

Every week Hippogriff shares some of the most alarming data breach and privacy infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

A feed by Wizards that are not wee at work...


Indiana: Schneck Medical Center Sued Over 2021 Data Breach

Permalink - Posted on 2022-06-17 16:00

On September 29, 2021, Schneck Medical Center in Indiana announced that it had been the victim of a cyberattack. But it wasn’t until May, 2022, that the medical center began notifying what they characterized as a “limited number” of patients about the incident. As DataBreaches reported at the time, their notification left important questions unaddressed. DataBreaches’ attempt to get clarification from them as to whether this was a ransomware incident and why they stated that Schneck “has no evidence that any of the information was or will be misused,” went unanswered. One of the claims reported to be part of the lawsuit is that the medical center allegedly violated state law by not providing timely notification. Indiana’s data breach notification law was amended this year to require notification no later than 45 days after discovery of the breach, but that amended law does not go into effect until July 1, and DataBreaches suspects that in either event, Schneck will argue that it was not until March of 2022 after diligent efforts that they discovered that protected health information was involved, etc.


Louisiana: New Information in Third Party Data Breach Compromising Tax Payer Checking Accounts

Permalink - Posted on 2022-06-17 16:00

We have new information following numerous reports of bank account fraud throughout Southwest Louisiana. 7News has heard many complaints from viewers who say they were told their checking accounts may have been involved in a data breach after paying their property taxes. Essentially, when you pay your property taxes, you send the check to the Calcasieu Parish Sheriff’s Office. They in turn send the money to First Horizon Bank (formerly IberiaBank), which then uses a third party to process the payments. We’re told the third party, Technology Management Resources, is the one that may have been compromised. “CPSO was notified by IberiaBank that its third party Lockbox service provider, Technology Management Resources, Inc. (TMR), may have had a security breach; the breach did not involve CPSO’s database or computer systems,” the Sheriff’s Office said in a statement Friday. The Sheriff’s Office says it is working with First Horizon to provide the contact information needed to make notification to affected tax payers. Those individual tax payers do their personal banking at various banks, so across the area we are seeing customers having to close and reopen accounts to make sure they are protected. Some of those affected use First Federal Bank in Lake Charles, which tells 7News it’s helping its customers secure their information.


Study Reveals One Third of Top 100 U.S. Hospitals are Sending Patient Data to Facebook

Permalink - Posted on 2022-06-17 16:00

An analysis of hospitals’ websites has revealed one-third of the top 100 hospitals in the United States are sending patient data to Facebook via a tracker called Meta Pixel, apparently without obtaining consent from patients. Even more concerning is that for 7 hospital systems, Meta Pixel was installed inside password-protected patient portals. The researchers found that five of those hospital systems were sending data to Meta about real patients who volunteered to participate in the Pixel Hunt project, which was jointly run by The Markup and Mozilla Rally. Participation in that project involved allowing data to be sent to The Markup about the sites they visited, which revealed the data being sent to Meta included patients’ medications, descriptions of their allergic reactions, and details about their upcoming doctor’s appointments.


FTC Weighs in On Data Breach Notification

Permalink - Posted on 2022-06-17 16:00

The FTC recently reminded companies that principles of fairness and the likelihood of harm may in some cases prompt breach notification. This requirement might exist even if state breach notice laws have not been triggered. The FTC emphasized at the same time the need for breach disclosures to be accurate. These comments appeared in the FTC blog, and underscore the agency’s continuing trend to exercise its enforcement authority under the FTC Act in the data security and data breach context. When discussing breach notification, the FTC focused on situations in which disclosing information to an individual might have “mitigate[d] reasonably foreseeable harm.” This stands in contrast to the more explicit notification triggers under state breach notice laws, which specifically define what constitutes a “breach” for which notification is necessary. Many of those laws, though, have exceptions to notification if no harm is likely. The FTC’s commentary presents the other analytical side to these state laws’ “no harm” exceptions. According to the FTC, even if notification is not legally required under state breach laws, notification may nevertheless be advisable if it might mitigate reasonably foreseeable harm, or if failing to disclose would increase affected parties’ potential harm.


Ransomware Attack on Montrose Environmental Group Disrupts Lab Testing Services

Permalink - Posted on 2022-06-17 16:00

Montrose Environmental Group, a US-based provider of environmental services, has revealed it was hit by a ransomware attack last weekend that disrupted its laboratory testing operations. In a statement issued on Tuesday (June 14) the Arkansas-headquartered company said: “We believe the incident primarily affected computers and servers within our Enthalpy Analytical laboratory network,” adding that it expects “certain lab results within our Enthalpy business will be delayed”. Enthalpy Analytical, a Montrose subsidiary, operates 11 environmental testing laboratories around the US that test air, soil, water, and other substances for toxicity and pollutants.


Almost 1.3 Million Patients of TX Tech U. Health Sciences Center Affected by Eye Care Leaders Data Breach

Permalink - Posted on 2022-06-16 17:00

Texas Tech University Health Sciences Center has confirmed that the protected health information of 1,290,104 patients was compromised in a data breach at its electronic medical record vendor, Eye Care Leaders. Eye Care Leaders said it detected a breach on Dec. 4, 2021, and disabled the affected systems within 24 hours. Texas Tech University Health Sciences Center said it received the final results of the forensic investigation on April 19, 2022. The compromised information included the following data elements: name, address, phone numbers, driver’s license number, email, gender, date of birth, medical record number, health insurance information, appointment information, social security number, as well as medical information related to ophthalmology services.


San Diego Family Care Agrees to $1 Million Settlement to Resolve Class Action Data Breach Lawsuit

Permalink - Posted on 2022-06-16 17:00

San Diego Family Care, a Californian provider of medical, dental, & mental health services, has agreed to settle a class action lawsuit filed by patients affected by a data breach in 2020. The data breach that sparked the lawsuit was announced by the healthcare provider in May 2021 and was reported to the HHS’ Office for Civil Rights (OCR) as affecting 125,500 patients, although the total was later revised to 154,513 patients. The compromised data included names, Social Security numbers, government identification numbers, financial account numbers, dates of birth, medical diagnosis or treatment information, health insurance information, and client identification numbers. The security breach occurred in December 2020 at a technology provider and business associate, Netgain Technologies, and involved ransomware. Netgain Technologies reportedly paid a $2.3 million ransom for the keys to decrypt data and prevent any further disclosures of data. San Diego Family Care was one of several healthcare providers to have data compromised in the attack. After notifying the affected individuals, two class action lawsuits were filed against San Diego Family Care over the data breach. While the ransomware attack was not conducted on San Diego Family Care, plaintiffs in the lawsuits alleged that San Diego Family Care had failed to protect patient information, had not implemented sufficient data security measures, and did not issue notification letters promptly. Netgain Technologies notified San Diego Family Care about the data breach in January 2021, but the notification letters were not sent to affected individuals until May.


Confidential Record Leak Leaves CalBar, Lawyers, Clients Exposed

Permalink - Posted on 2022-06-16 17:00

California’s state bar association, which is responsible for licensing and regulating more than 250,000 lawyers in the most populous US state, is itself under scrutiny for a data leak that allowed confidential client complaint and attorney disciplinary record data to be captured by a free court records website. As many as 322,500 such documents were vacuumed up by JudyRecords.com between October 2021 and February 2022, according to a proposed class action filed against the California bar by two lawyers, a former judge, and three people with attorney grievances, all of whom are proceeding anonymously.


Motion for Preliminary Approval of Accellion Data Breach Settlement Filed in California Federal Court

Permalink - Posted on 2022-06-16 17:00

This week Plaintiffs in thirteen consolidated cases brought against Accellion and other defendants filed a motion for preliminary approval of a class action settlement in California federal court. This development is notable for its resolution (if approved) only as to Accellion and for the categories of relief offered to class members. In re Accellion, Inc. Data Breach Litigation, Case No. 21-cv-01155-EJD (E.D. Cal.). First, some background. In December 2020, Defendant Accellion notified its customers that it had experienced a data event. According to filings in the litigation, cybercriminals targeted vulnerabilities in Accellion’s legacy file transfer (“FTA”) product during December 2020-January 2021. The incident affected a number of public and private sector entities. Litigation, including a number of California Consumer Privacy Act class action lawsuits, followed. In these cases Plaintiffs alleged that Accellion: (a) failed to implement and maintain adequate data security practices to safeguard Plaintiffs’ and Class Members’ Personal Information; (b) failed to prevent the data event; (c) failed to detect security vulnerabilities leading to the data event; and (d) failed to disclose that their data security practices were inadequate to safeguard Class Members’ Personal Information. Besides invoking the CCPA, Plaintiffs also asserted claims against Accellion for negligence, negligence per se, invasion of privacy (intrusion upon seclusion), violations of various consumer protection statutes (including the North Carolina Unfair Deceptive Trade Practices Act, the Washington Consumer Protection Act, the California Confidentiality of Medical Information Act (“CMIA”), the California Customer Records Act (“CCRA”), and the California Unfair Competition Law (“UCL”)), and for declaratory and injunctive relief.


2 Texas Hospital Networks Infected by Malicious Code

Permalink - Posted on 2022-06-16 17:00

The IT networks at San Antonio, Texas-based Baptist Medical Center and New Braunfels, Texas-based Resolute Health Hospital were infected by malicious code that allowed an unauthorized user to access the personal health information of some patients. On April 20, the hospitals learned that malicious code had infected their networks as a result of an unauthorized party gaining access to certain systems between March 31 and April 24. The systems contained the protected health information of patients, such as Social Security numbers, names, dates of birth, health insurance information, medical information, addresses, and billings and claims information.


BeanVPN Leaks 25 Million User Records

Permalink - Posted on 2022-06-16 17:00

Free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public, according to an investigation by Cybernews. The cache of 18.5GB connection logs allegedly contained more than 25 million records, which included user device and Play Service IDs, connection timestamps, IP addresses and more. Cybernews said it found the database using an ElasticSearch instance during a routine checkup, which the company has now reportedly closed.


72% of Middle Market Companies Expect to Experience a Cyber Attack

Permalink - Posted on 2022-06-16 17:00

Middle market companies face an increasingly volatile cybersecurity environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to an RSM US and U.S. Chamber of Commerce report. Larger middle market companies reported a bigger drop in attacks with 29% this year compared to 43% in last year’s report, while 16% of smaller organizations suffered an attack or demand in contrast to 24% in 2021. While the number of attacks dropped, middle market leaders do not expect the ransomware threat to diminish, with 62% reporting they are at risk for a ransomware attack in the next 12 months, which increased from 57% last year. The reported frequency of business takeover attempts has remained consistent over the last few years, and 2022 survey data is no different. Forty-five percent of respondents said that outside parties attempted to manipulate employees by pretending to be trusted third parties or company executives, compared to 51% in 2021. The survey reported that 27% of those attempts to manipulate employees were successful over the last year, a considerable drop from 45% in 2021’s data. While business takeover attempts became less successful in the middle market, there is no end in sight to the potential threat. In the study, 73% said their organization is at risk of an attack by manipulating employees in the next 12 months, a slight increase over last year and the highest number ever recorded.


Elasticsearch Server with No Password or Encryption Leaks a Million Records

Permalink - Posted on 2022-06-16 17:00

Researchers at security product recommendation service Safety Detectives claim they’ve found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub. Safety Detectives’ report states it found a StoreHub server that stored unencrypted data and was not password protected. The security company’s researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totalling over a terabyte. StoreHub’s wares offer point of sale and online ordering, and the vendor therefore stores data about businesses that run its product and individual buyers’ activities. Safety Detectives wrote that full names, phone numbers, physical addresses, email addresses, and even device types were among the exposed data. Customers’ orders, plus the locations they ordered from and the times at which they ordered, were also open to the world. Safety Detectives asserts that order details included “partially masked credit card information.” Information about StoreHub users’ staff was also exposed. So were access tokens that could allow miscreants to alter users’ StoreHub-powered sites. Safety Detectives’ post says it found the exposed server on January 12th and promptly reported it, then followed up – but StoreHub did not respond. On January 27th the security company decided to contact StoreHub’s host – AWS – and Malaysia’s Computer Emergency Response Team. The server was secured by February 2nd.


Central Florida Inpatient Medicine Notifies 197,733 Patients After Employee Email Account Compromised

Permalink - Posted on 2022-06-15 15:00

CFIM does not indicate when they first discovered that there had been a breach or how they first discovered it. They do reveal that the types of PHI involved included names, dates of birth, medical information including diagnosis and/or clinical treatment information, physician and/or hospital name, dates of service, and health insurance information. In a limited number of cases, they write, Social Security numbers, driver’s license numbers, financial account information, and usernames and passwords were also involved.


Montrose Environmental Group Says Ransomware Attack Took Place Over Weekend

Permalink - Posted on 2022-06-15 15:00

Montrose Environmental Group Inc. said Tuesday that it determined it was the target of a ransomware attack over the weekend. The environmental services company said it believes the attack primarily affected computers and servers within its Enthalpy Analytical laboratory network based on currently available information. Montrose said fact patterns of the attack as well as information from law enforcement and independent cybersecurity experts lead it "to believe that this attack has been carried out by highly sophisticated bad actors."


Got Hit by a Cyber Attack? Hackers Will Probably Come After You Again Within a Year

Permalink - Posted on 2022-06-15 15:00

Most companies that get hit by a cyberattack are likely to fall victim again – sometimes repeatedly – as many struggle to improve their cybersecurity strategy, even after incidents. According to research by cybersecurity company Cymulate, 39% of companies were hit by cybercrime over the past 12 months – and of those, two-thirds were hit more than once. Of those hit more than once, one in 10 fell victim to further cyberattacks 10 or more times.


Small Botnet Launches Record-Breaking 26 Million RPS DDoS Attack

Permalink - Posted on 2022-06-15 15:00

Security and web performance services provider Cloudflare this week announced that it has mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 26 million requests-per-second (RPS). Considered the largest HTTPS DDoS attack on record, the assault was launched by a botnet of roughly 5,000 devices.


Class Action Lawsuit Filed Against Shields Health Care Group Over 2 Million-Record Data Breach

Permalink - Posted on 2022-06-15 15:00

A class action lawsuit has been filed against Shields Health Care Group over its recently announced 2 million-record data breach – the largest healthcare data breach to be reported so far this year. Shields Health Care Group is the largest provider of MRI imaging services in New England and operates more than 40 facilities in the region. On May 27, 2022, the Massachusetts-based medical imaging service provider reported the data breach to the HHS’ Office for Civil Rights and confirmed that an unauthorized actor had access to some of its IT systems from March 7 to March 21, 2022. During that time, files were exfiltrated from its systems that included patient information such as names, addresses, birth dates, Social Security numbers, diagnoses, billing information, insurance numbers and medical or treatment information. A data breach of this scale is likely to see several lawsuits filed, with Keller Postman LLC and co-counsel Sweeney Merrigan Law LLP, and Finkelstein, Blankinship, Frei-Pearson, & Garber LLC the first to file. The lawsuit, William Biscan v. Shields Health Care Group Inc., was filed in the District Court for the District of Massachusetts and alleges the defendant negligently handled the private health information of the plaintiff and other similarly situated individuals. The lawsuit alleges the defendant should have been aware of the risk of a data breach yet failed to implement reasonable and appropriate safeguards to keep patient data private and confidential and protect against unauthorized access and disclosure. As a result, the lawsuit alleges, the defendant left the personal and protected health information of patients in “a dangerous and vulnerable condition” and failed to notify affected individuals in a timely manner.


Data Breach at U.S. Ambulance Billing Service Comstar Exposed Patients' Healthcare Information

Permalink - Posted on 2022-06-15 15:00

A data breach at US ambulance billing service Comstar has potentially exposed sensitive information belonging to medical patients. The healthcare security incident was discovered on March 26, when Comstar noticed “suspicious activity” related to some servers within its environment. As a result, information belonging to “certain individuals” was accessed, including names, dates of birth, information regarding medical assessment and medication administration, health insurance information, drivers’ licenses, financial account information, and Social Security numbers.


Over Three-Quarters of U.K. Adults Hit by Online Scams

Permalink - Posted on 2022-06-14 17:00

More than 40 million UK consumers are thought to have been targeted by digital fraudsters so far in 2022, a double-digit increase from the same time last year. Charity Citizens Advice commissioned a poll of over 2000 UK adults back in May, asking if they had been contacted by scammers since the start of the year. Some 14% more people than last year said they had been targeted. The most common scams involved delivery/postal services (55%), government spoofing (41%), investment fraud (29%), rebates and refunds (28%) and banking (27%). Also popular were online shopping (24%), healthcare (13%) and energy-related scams (13%).


India's Farmers Exposed by New Aadhaar Data Leak

Permalink - Posted on 2022-06-14 17:00

A security researcher said an Indian government website was exposing the Aadhaar numbers of India’s farmers, potentially amounting to millions of people. Atul Nair told TechCrunch that he found a part of the Pradhan Mantri Kisan Samman Nidhi website that was revealing the farmers’ information. PM-Kisan, as the agency is better known, is an Indian government initiative aimed at providing every farmer in India with basic financial income. But Nair said a portion of the initiative’s website was returning farmers’ Aadhaar numbers, which farmers have to provide to receive the state income.


Only 10% of Vulnerabilities Are Remediated Each Month

Permalink - Posted on 2022-06-14 17:00

Research from SecurityScorecard and The Cyentia Institute revealed only 60% of organizations have improved their security posture despite a 15-fold increase in cyber-attacks over the last three years. The joint research sought to measure the speed of vulnerability remediation from 2019 to 2022 and revealed only modest progress in that area. The research found that 53% of the 1.6 million organizations assessed had at least one vulnerability exposed to the internet, while 22% of organizations amassed more than 1,000 vulnerabilities each, confirming more progress is required to protect organizations’ critical assets.


Kaiser Permanente Data Breach Exposed Healthcare Records of 70,000 Patients

Permalink - Posted on 2022-06-14 15:00

The healthcare and personal information of up to 70,000 Kaiser Permanente patients in Washington state may have been exposed following unauthorized access to the US healthcare giant’s email system. The data breach incident, which took place in early April, potentially exposed patients’ first and last name, medical record number, dates of service, and laboratory test result information of the health plan provider.


Confluence Servers Hacked to Deploy AvosLocker, Cerber2021 Ransomware

Permalink - Posted on 2022-06-13 18:00

Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. If successfully exploited, this OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts and executing arbitrary code. Soon after active exploitation was reported in the wild and Atlassian patched the bug, proof-of-concept exploits were also leaked online, lowering the skill level required for exploitation even further. The severity of this security flaw and the already available exploits didn't go unnoticed, with multiple botnets and threat actors actively exploiting it in the wild to deploy cryptomining malware.


Arizona: 700,000 Patients Affected by Yuma Regional Medical Center Ransomware Attack

Permalink - Posted on 2022-06-13 18:00

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients. According to the recent YRMC announcement, the attack was detected on April 25, 2022, which affected some of its IT systems. YRMC said immediate action was taken to contain the attack, and systems were taken offline to prevent further unauthorized access. Law enforcement was notified, and a third-party computer forensics firm was engaged to assist with the investigation and determine the nature and scope of the attack. The investigation confirmed that the attackers gained access to its systems between April 21 and April 25, 2022, and, prior to file encryption, a subset of files were exfiltrated from its systems.


California: Personal and Sensitive Files from Tehama County Social Services Leaked on Dark Web

Permalink - Posted on 2022-06-10 17:00

On their dark web blog, Quantum threat actors claim to have acquired 32 GB of files from Tehama County Social Services in California. Quantum describes the files as involving information of county clients and employees: Financial information, budgets, fiscal docs, contracts, HR data, resumes, payrolls, clients personal data, scans ID, scans SSN, personal info, scans certificates, incident reports, COVID vaccine cards, personal medical information, death lists, criminal record documents, Protective Custody Removal Warrants, many working documents, confidential documents, birth certificates, medication lists, children documents, court reports, client base with addresses and phones, MEDS program access, insurance documents. The attack occurred on April 9, and as media reported on April 15, the county quickly took its system offline to investigate. As of today’s date, however, if one goes to the county’s site, you can find no update or any indication that anything was ever wrong.


Vermont Enacts Insurance Data Security Law

Permalink - Posted on 2022-06-10 17:00

On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). The Vermont Insurance Data Security Law applies to “licensees”—those licensed, authorized to operate or registered, and those required to be licensed, authorized or registered, under Vermont insurance law, with few exceptions. The new law generally follows MDL-668’s provisions, adopting the model law’s broad definition of nonpublic information and requiring licensees to, in part, maintain a written information security program (“WISP”) and investigate cybersecurity incidents. Unlike other state laws based on MDL-668, however, the Vermont Insurance Data Security Law declines to establish separate cybersecurity event notification requirements for licensees. Under the new law, licensees must develop, implement and maintain a comprehensive WISP that contains administrative, technical and physical safeguards for the protection of nonpublic information and the licensee’s information system. Licensees must conduct a risk assessment to create a WISP “commensurate with the size and complexity of the licensee, the nature and scope of the licensee’s activities, including its use of third-party service providers, and the sensitivity of the nonpublic information.”


New Jersey District Cancels Finals After Ransomware Attack

Permalink - Posted on 2022-06-10 17:00

Tenafly Public Schools last week found ransomware had encrypted data on some computers in the district's network, leading to the cancellation of exams and classes going back to paper, pencils and overhead projectors. It’s unclear who is responsible for the ransomware attack in Tenafly or how much money they requested. When asked if the school district will pay the ransom, Corliss said “there was nothing definitive at this time.” However, she added law enforcement agencies were involved with the investigation.


Data Breaches Reported by Aesto Health and Motion Picture Industry Health Plan

Permalink - Posted on 2022-06-09 15:00

Aesto Health, a Birmingham, AL-based software company that provides solutions to help healthcare enterprises and medical providers exchange, organize, and protect patient information, has announced it recently experienced a cyberattack that caused disruption to certain internal IT systems. The security breach was detected on March 8, 2022, and steps were immediately taken to prevent further unauthorized access to its systems. A third-party computer forensics company was engaged to assist with the investigation, which confirmed that an unauthorized individual had access to the affected systems from December 25, 2021, to March 8, 2022. During that time frame, certain files were exfiltrated from a backup storage device, which include radiology reports from Osceola Medical Center (OMC) in Wisconsin. A review of the affected files confirmed they contained patients’ protected health information, including names, dates of birth, physician names, and report findings related to radiology imaging at OMC. No Social Security numbers or financial information were viewed or stolen, and OMC systems and electronic medical records were unaffected. Aesto Health said additional safeguards and technical security measures have been implemented to further protect and monitor its systems. The Motion Picture Industry Health Plan (MPIHP) has announced that the protected health information of 16,838 plan members has been impermissibly disclosed in a mis-mailing incident. On March 31, 2022, MPIHP discovered an error with a mailing that saw information about plan members sent to incorrect mailing addresses. In each case, a letter intended for one MPIHP member was sent to an incorrect MPIHP member.


Email Account Breaches Reported by Allaire Healthcare Group and Platinum Hospitalists

Permalink - Posted on 2022-06-09 15:00

Freehold, NJ-based Allaire Healthcare Group, which runs five residential healthcare facilities in the tri-state area that provide subacute care, dementia care, and respite care, has discovered an unauthorized individual has gained access to the email account of one of its employees. Suspicious activity was detected in the employee’s email account on November 24, 2021. Prompt action was taken to secure the account and its email system and to prevent further unauthorized access. The forensic investigation confirmed the breach was limited to a single email account that was accessed by an unauthorized individual between November 10, 2021, and November 24, 2021. A programmatic and manual review of the affected email account was completed on March 18, 2022. The review confirmed the email account contained the protected health information of 13,148 individuals, including first and last names, Social Security numbers, Allaire-issued unique client identifier numbers, driver’s license numbers, passport numbers, financial account numbers, payment card information, information regarding medical histories, treatment/diagnosis information, prescription information, and/or health insurance information.

Platinum Hospitalists has recently started notifying 6,000 patients that some of their protected health information has potentially been compromised. On March 29, 2022, Platinum Hospitalists discovered an email account had been accessed by an unauthorized individual. The investigation confirmed that the employee’s credentials were stolen following a response to a phishing email. The breach was limited to a single email account, with the review of the account confirming it contained individually identifiable protected health information. Platinum Hospitalists said patient data is encrypted when it is sent externally, including via email, but the nature of the attack meant the information in the account could have been viewed and downloaded in a readable form. The investigation has been unable to confirm the specific information that was compromised, but the following types of information were present in the email account: patient names, dates of birth, dates of service, diagnosis and procedure codes, medical record numbers/patient account numbers, insurance identification numbers, and invoiced amounts. No addresses or Social Security numbers were exposed.


Goodman Campbell Brain and Spine Alerts Patients to Ransomware Attack

Permalink - Posted on 2022-06-09 16:00

Yesterday, Hive threat actors added Goodman Campbell Brain and Spine to their leak site, with a notice that they had encrypted the entity on May 20. They also provided some files as proof. Having skimmed the data that Hive has already leaked, their advice would be well-taken. Not only has Hive already dumped internal information about the entity including passwords for important accounts, but it has also leaked personal and financial information on doctors, and information on named patients that include their diagnoses and procedures, with some insurance information.


MyEasyDocs Exposed 30GB of Israeli and Indian Students PII Data

Permalink - Posted on 2022-06-09 16:00

The team of IT security researchers at vpnMentor led by Noam Rotem identified a misconfigured Microsoft Azure server that exposed the personal and educational records of tens of thousands of students from India and Israel. The exposed server belonged to Myeasydocs, an online data verification platform based in Chennai, India. Myeasydocs specialises in verifying documents related to banking, colleges, universities, government institutions and law enforcement agencies. To verify, users are required to submit their records via Myeasydocs’ software which are then uploaded to the company’s cloud server. In this case, it was a Microsoft Azure server left exposed without any security authentication. This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to the exposed data which contained 30.5GB worth of files belonging to 57,400 Israeli and Indian students.


Japan: Anti-Malware Disabled in Cyber Attack at Handa Hospital

Permalink - Posted on 2022-06-09 16:00

A cyberattack on a hospital in Tokushima Prefecture in October occurred after a company disabled anti-virus software on the hospital's computers, according to a report published on June 7. The report said the company was involved in providing an electronic medical record system to Handa Hospital in Tsurugi, Tokushima Prefecture. The hospital, run by the Tsurugi town government, was forced to suspend some of its operations for about two months after being subjected to a ransomware attack. The report was compiled by an experts panel established within the hospital. It said before the cyberattack occurred, the company configured the Windows settings of the computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates. These computers were among about 200 used in the hospital. The company said that it did so because these functions would have made the electronic medical record system unstable if they had not been disabled. The report criticized the company by saying it “prioritized enabling the electronic medical record system to operate over the security protection of the computers.” After the meeting of the town assembly on June 7 to which the report was presented, Yasushi Suto, a doctor and administrator of the hospital, told reporters that, “We were not told by the company at all (about the disabling of these functions).” When regular Windows updates identify a security vulnerability on a computer, a program is sent to correct the problem. However, the report points out that Windows was never updated on the computers at the hospital. The report said, “Every single vulnerability existed in these computers.” The report also pointed out that a virtual private network (VPN) device that other companies set up at the hospital for maintenance of the electronic medical record system had never been updated.


Decentralized Crypto Exchange Offline After Hacker Steals $113 Million

Permalink - Posted on 2022-06-09 15:00

On Sunday, the founder and CEO of Maiar—a decentralized exchange (DEX) that bills itself as “the future of money”—and the Elrond blockchain that it runs on, wrote on Twitter that he and his team were “investigating a set of suspicious activities on the Maiar DEX.” As it turned out, the suspicious activities were those of hackers. On Monday, Mincu published a Twitter thread detailing the incident. In the thread, Mincu said “a bug was discovered and exploited,” and that the team was now working on recovery of the DEX and had patched the bug. The developers took the exchange offline shortly after discovering the hack, according to Mincu. The exchange's website currently says it is in "scheduled" maintenance. But, at that point, the hackers had already done the damage. According to a blockchain researcher who goes by Foudres, the hacker stole around 1,650,000 EGLD, the native token of the Elrond blockchain, worth around $113 million at the time of the hack. The hackers used three wallets to drain funds from the exchange, and were able to sell 800,000 EGLD, which caused the price of EGLD on the Maiar exchange to nosedive from $76 to $5, Foudres explained.


Increasingly Autonomous Cars Raise Cyber Security Fears

Permalink - Posted on 2022-06-09 15:00

As the auto industry enters an era where cars are increasingly relying on the internet to operate, some experts say that the shift to autonomy may pose greater cybersecurity risks if potential hackers target software vulnerabilities. Although the experts are not aware of any cyberattacks targeting electric vehicles thus far, they said the auto industry should still be working to upgrade their security and software systems for the well-being of their customers. And they said a real cyberattack against autonomous vehicles is very much in the realm of possibility. In fact, two cybersecurity researchers proved that it was achievable when they remotely hacked a Jeep Cherokee in 2015 to demonstrate the vulnerabilities of connected vehicles. The researchers were able to gain access to the car’s steering, transmission and brakes. The simulation hack prompted Fiat Chrysler to recall 1.4 million vehicles so it could install software to fix the vulnerabilities. A spokesperson for the National Highway Traffic Safety Administration (NHTSA) told Reuters at the time that it was the first time an auto company had to recall cars over cybersecurity concerns.


Study Finds Eighty Percent of Ransomware Victims Attacked Again

Permalink - Posted on 2022-06-09 15:00

It doesn’t pay to pay. This advice on ransomware payment is often given, but rarely enumerated. Now it has been. A new study finds that 80% of companies that paid a ransom were hit a second time, with 40% paying again. Seventy percent of these paid a higher amount the second time round. Sixty percent of companies admitted ransomware gangs had been in their network from one to six months before they were discovered – a key indicator of a double extortion attack. But paying the double extortion fee doesn’t really help; nearly 200,000 companies never received their data back after paying. And the criminals still have the data regardless. Thirty-five percent of companies suffered C-level ‘resignations’ because of a ransomware attack.


Ransomware Pressure Forces U.K. CISOs to Consider Quitting

Permalink - Posted on 2022-06-08 16:00

Some 49% of UK cybersecurity decision-makers have considered leaving the industry due to mounting stress levels, and a similar number know someone who has in the past year, according to new research. The data comes from security vendor Deep Instinct’s latest Voice of SecOps report, compiled from interviews with 1000 C-suite and senior cybersecurity professionals in North America, the UK, France, and Germany. These respondents work in companies with over 1000 employees and annual revenues of more than $500m. Worryingly, 46% of UK respondents said the stress of dealing with mounting threats had risen measurably over the past year. Even more (51%) believe this pressure is impacting their decision-making. Ransomware (51%) was highlighted as the number one contributor to this stress for CISOs, followed by supply chain attacks (49%) and the impact of digital transformation on security posture (47%). For senior security pros, ransomware again ranked first (48%), followed by concerns over insufficient SecOps staff (42%) and alert overload (49%). The latter two are regularly reported challenges faced by SecOps managers. Trend Micro research from May last year revealed that 70% of security operations center (SOC) staff are becoming emotionally overwhelmed by the sheer number of alerts pouring in from disparate security tools. This alert overload makes it difficult to separate the real from the noise. In fact, Deep Instinct found that 85% of respondents spend an average of nine hours each week dealing with alerts caused by false positives. Over three-quarters (78%) said their false positive rate has increased over the past year, and a quarter (24%) admitted to turning off alerts altogether as a result of becoming inundated.


Attacker Dwell Time Surges 36% in 2021

Permalink - Posted on 2022-06-08 16:00

Threat actors spent a median of 15 days inside victim networks last year, an increase of over a third from the previous year, according to new data from Sophos. The security vendor’s Active Adversary Playbook 2022 was compiled from data on 144 cases collected by Sophos incident response teams in the wild. It claimed the increase in dwell time is down mainly to the exploitation of ProxyLogon and ProxyShell vulnerabilities last year and the emergence of initial access brokers (IABs) as an integral part of the cybercrime underground. Dwell time was longer for smaller organizations: 51 days in SMEs with up to 250 employees versus 20 days in organizations with 3,000 to 5,000 employees.


Healthcare Organizations Struggle to Obtain Cyber Insurance Policies, Report Shows

Permalink - Posted on 2022-06-08 16:00

Healthcare ransomware attacks are not slowing down, prompting an increased demand for reliable cyber insurance policies. But as healthcare cyberattacks skyrocket, cyber insurers are pushing up prices or leaving the market altogether, Sophos stated in its “State of Ransomware in Healthcare 2022” report. Across all surveyed sectors, 83 percent of organizations reported securing cyber insurance, while only 78 percent of healthcare organizations said they had coverage. “Given the high rate of ransomware incidents in healthcare, this insurance coverage gap leaves many organizations exposed to the full cost of an attack,” the report stated. In addition to challenges with obtaining coverage, 51 percent of respondents said that the level of cybersecurity needed to qualify is now higher, and 45 percent said that the policies are now more complex.


California Attorney General Reminds Health App Providers of Obligations to Protect Health Information

Permalink - Posted on 2022-06-08 16:00

On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the CMIA requires businesses to preserve the confidentiality of medical information and prohibits the disclosure of medical information without proper authorization. It also urges mobile app providers to adopt robust security and privacy measures to protect reproductive health information. According to the press release, this should include, at a minimum, “assess[ing] the risks associated with collecting and maintaining abortion-related information that could be leveraged against persons seeking to exercise their healthcare rights.” The press release touts California’s strong protections of reproductive freedom and states that “[s]ensitive health data must remain secure and never be used against individuals seeking critical healthcare and exercising their right to abortion.”


Barely One-Third of IT Pros Can Vet Code for Tampering

Permalink - Posted on 2022-06-08 16:00

Global research commissioned by ReversingLabs and conducted by Dimensional Research revealed that software development teams are increasingly concerned about supply chain attacks and tampering, but barely a third said they can effectively vet the security of developed and published code for tampering. Dimensional Research surveyed more than 300 global IT and security professionals. Respondents included executives, technology, and security professionals at software enterprises both large and small representing all seniority levels and with digital product or leadership responsibilities. Despite being aware of the dangers of publishing vulnerable software, the survey found, companies continue to put themselves at risk for software supply chain attacks.


Online Gun Shops in the U.S. Hacked to Steal Credit Cards

Permalink - Posted on 2022-06-07 16:00

Two American gun shops, Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites. Rainier Arms, which operates rainierarms.com, says it began receiving reports of unauthorized activity on its customers' payment cards as early as December 2021. Rainier Arms sent 46,319 notices to impacted customers, a copy of which can be found on the online portal of Montana’s Attorney General. Numrich Gun Parts Corporation, whose website is gunpartscorp.com, suffered a similar breach on its website, which it discovered on March 28, 2022. According to a notice shared with the Office of the Maine Attorney General, the number of affected customers is 45,169, all of whom will receive a data breach notice in the following days.


Shields Health Care Group Data Breach Affects 2 Million Patients

Permalink - Posted on 2022-06-07 16:00

Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. Shields is a Massachusetts-based medical services provider specializing in MRI and PET/CT diagnostic imaging, radiation oncology, and ambulatory surgical services. According to a data breach notification published on the company's site, Shields became aware of the cyberattack on March 28, 2022, and hired cybersecurity specialists to determine the scope of the incident. The examination of log files showed that the hackers had access to Shields’ systems from March 7, 2022, to March 21, 2022, allowing them to potentially access data containing patient information.


Britain: Gloucester Council IT Systems Still Not Fully Operational Six Months After Cyber Attack

Permalink - Posted on 2022-06-06 15:00

Gloucester City Council’s IT systems are still not fully operational almost six months after it was targeted by Russian hackers. The authority acknowledged its servers were compromised on December 20 last year. The phishing “sleeper” malware found its way into the council's system by a third party and reportedly encrypted files. Housing benefit, council tax support, test and trace support payments, discretionary housing payments and other online services were disrupted as a result. The local authority set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports. Opposition councilors raised concerns recently about the increasing cost of the cyber-attack. The bill is so far in the hundreds of thousands, yet many fear the final tally will be more than £1m. Liberal Democrat group leader Jeremy Hilton said the December cyber-attack is still disrupting council services


Healthcare Ransomware Attacks Increased by 94% in 2021

Permalink - Posted on 2022-06-06 15:00

Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos. The report is based on a global survey of 5,600 IT professionals and included interviews with 381 healthcare IT professionals from 31 countries. This year’s report focused on the rapidly evolving relationship between ransomware and cyber insurance in healthcare. 66% of surveyed healthcare organizations said they had experienced a ransomware attack in 2021, up from 34% in 2020, and the volume of attacks increased by 69%, which was the highest of all industry sectors. Healthcare had the second-highest increase (59%) in the impact of ransomware attacks. According to the report, the number of healthcare organizations that paid the ransom has doubled year over year. In 2021, 61% of healthcare organizations that suffered a ransomware attack paid the ransom – the highest percentage of any industry sector. The global average was 46%, which is almost twice the percentage of the previous year. Paying the ransom may help healthcare organizations recover from ransomware attacks more quickly, but there is no guarantee that paying the ransom will prevent data loss. On average, after paying the ransom, healthcare organizations were only able to recover 65% of encrypted data, down from 69% in 2020. In 2020, 8% of healthcare organizations recovered all of their data after paying the ransom. That figure fell to just 2% in 2021. While the healthcare industry had the highest percentage of victims paying the ransom for the decryption keys and to prevent the exposure of sensitive data, healthcare had the lowest average ransom amount of $197,000. The global average across all industry sectors was $812,000. The ransom cost was lower in healthcare, but the overall cost of recovery was second-highest, with the total cost of a ransomware attack $1.85 million, which is considerably higher than the global average of $1.4 million.


Personal Information of Over 30,000 Students Exposed in Unprotected Database

Permalink - Posted on 2022-06-06 15:00

The personal information of more than 30,000 students was found on an improperly secured Elasticsearch server, security researchers with SafetyDetectives report. The server, the researchers say, was left connected to the Internet and did not require a password to allow access to the data within. Thus, it exposed more than one million records representing the personally identifiable information (PII) of 30,000 to 40,000 students, the researchers estimate. The exposed information, they say, included full names, email addresses, and phone numbers, along with credit card information, transaction and purchased meals details, and login information stored in plain text. SafetyDetectives, which notes that the improperly secured server was being updated at the time it was discovered, also found evidence of server logs showing student data being exposed.


Italian City of Palermo Shuts Down All Systems to Fend Off Cyber Attack

Permalink - Posted on 2022-06-06 15:00

The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. Palermo is home to about 1.3 million people, the fifth most populous city in Italy. The area is visited by another 2.3 million tourists every year. Although local IT experts have been trying to restore the systems for the past three days, all services, public websites, and online portals remain offline. According to multiple local media outlets, the impacted systems include the public video surveillance management, the municipal police operations center, and all of the municipality’s services. It’s impossible to communicate or request any service that relies on digital systems, and all citizens have to use obsolete fax machines to reach public offices. Moreover, tourists cannot access online bookings for tickets to museums and theaters (Massimo Theater) or even confirm their reservations on sports facilities. Finally, limited traffic zone cards are impossible to acquire, so no regulation occurs, and no fines are issued for relevant violations. Unfortunately, the historical city center requires these passes for entrance, so tourists and local residents are severely impacted.


Foxconn Confirms Ransomware Hit Factory in Mexico

Permalink - Posted on 2022-06-03 16:00

Electronics manufacturing giant Foxconn has confirmed that its Tijuana-based Foxconn Baja California factory was hit by ransomware in late May. The manufacturer did not say whether data was stolen during the attack, but a threat group that operates the LockBit 2.0 ransomware recently claimed the theft of data from the facility, threatening to make it public unless a ransom is paid.


40% of Enterprises Don't Include Business-Critical Systems in Their Cyber Security Monitoring

Permalink - Posted on 2022-06-03 16:00

Logpoint has announced findings from a recent poll to uncover the security and cost implications enterprises face with their existing IT infrastructure. The poll was targeted at cybersecurity and IT professionals in both the U.S. and UK. The poll revealed the extent of insecure and unmonitored business-critical systems, with 40 per cent noting that they do not include business-critical systems such as SAP in their cybersecurity monitoring. In addition, a further 27 per cent were unsure if it was included in their cybersecurity monitoring at all. This is concerning given that SAP serves as the core system behind every aspect of business operations. Not including this in the centralised security monitoring solution leaves organizations vulnerable and exposed to the risk of cyber threats.


Twice as Many Healthcare Organizations Now Pay Ransom

Permalink - Posted on 2022-06-02 17:00

Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31 countries. It revealed that two-thirds of HCOs were hit by ransomware last year, up from just a third in 2020. Sophos claimed this surge was down to the popularity of ransomware-as-a-service on the cybercrime underground. However, it could also be a result of the increased willingness of HCOs to pay their attackers. Some 61% paid a ransom in 2021, up from just 34% a year previously. Sophos claimed that the high cost of remediation, and the impact of operational outages, coupled with the increased sophistication of attacks on the sector could explain this jump. Just 2% of respondents paid a ransom and got all their data back. “The increase in successful ransomware attacks is part of an increasingly challenging broader threat environment which has affected healthcare more than any other sector,” the report noted.


Injured Workers Pharmacy Faces Class Action Lawsuit over Email Account Breach

Permalink - Posted on 2022-06-02 17:00

A class action lawsuit has been filed in the U.S. District Court for the District of Massachusetts by the law firm Morgan & Morgan against Injured Workers Pharmacy (IWP) over a breach of the personal information of 75,771 customers. IWP is an Andover, MA-based pharmacy that serves employees who were injured at work and receive workers’ compensation benefits. On May 11, 2021, IWP discovered several employee email accounts had been accessed by an unauthorized individual, and those email accounts contained sensitive information such as names, addresses, and Social Security numbers. The first email accounts were compromised in January 2021, which allowed unauthorized access to the information in the accounts for 4 months before the breach was detected and the accounts were secured. Affected individuals were offered complimentary credit monitoring and identity theft protection services for 24 months. Plaintiffs Alexsis Webb and Marsclette Charley allege IWP failed to implement appropriate data security safeguards to ensure the privacy of their personal information and that of the class members, had not followed industry security best practices and had not provided security awareness training to the workforce. IWP failed to issue notification letters about the breach until February 2022, 9 months after the breach was detected. The lawsuit alleges negligence, negligence per se, breach of implied contract and fiduciary duty, invasion of privacy, and unjust enrichment. The plaintiffs claim they face an imminent and ongoing risk of identity theft and fraud due to the exposure of their sensitive data to cybercriminals and have had to spend time and money protecting themselves against identity theft and fraud. The lawsuit seeks class action status, a jury trial, damages, reimbursement of out-of-pocket expenses, and legal costs.


Thailand's Personal Data Protection Act Enters into Force

Permalink - Posted on 2022-06-02 17:00

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Specifically, it requires data controllers and processors to have a valid legal basis for processing personal data (i.e., data that can identify living natural persons directly or indirectly). If such personal data is sensitive personal data (such as health data, biometric data, race, religion, sexual preference and criminal record), data controllers and processors must ensure that data subjects give explicit consent for any collection, use or disclosure of such data. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law. The PDPA applies both to entities in Thailand and abroad that process personal data for the provision of products or services in Thailand. Like the GDPR, data subjects are guaranteed rights, including the right to be informed, access, rectify and update data; restrict and object to processing; and the right to data erasure and portability. Breaches may result in fines between THB500,000 (U.S.$14,432) and THB5 million, plus punitive compensation. Certain breaches involving sensitive personal data and unlawful disclosure also carry criminal penalties including imprisonment of up to one year.


Singapore Mandates Account Lock for Banks as Safeguard Against Online Scams

Permalink - Posted on 2022-06-02 17:00

Singapore banks must provide a self-service kill switch that enables consumers to suspend their accounts in a suspected breach and beef up their fraud surveillance systems, as part of new security measures to safeguard against increasing online scams. The latest set of measures would complement those introduced in January this year, shortly after a spate of online scams involving OCBC Bank customers resulted in losses of more than SG$8.5 million ($6.32 million). The new measures were unveiled Thursday and expected to come into effect by October 31 this year, according to the Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS). Local banks would progressively roll out the latest round of measures, which included setting the default transaction limit for online funds transfers to no higher than SG$5,000 and requiring additional confirmation from customers to process "significant changes" to their accounts. Further confirmations also would be required for high-risk transactions identified through fraud surveillance. Banks also must assign bank staff to the Singapore Police Force Anti-Scam Centre, in order to facilitate "rapid" account freezing and fund recovery operations.


Icare Sends Private Details of 193,000 Workers to Wrong Employers

Permalink - Posted on 2022-06-02 17:00

The personal details of almost 200,000 injured workers were mistakenly shared with 587 employers and insurance brokers in a major privacy data breach by embattled state insurer icare last month. A senior source with direct knowledge of the breach said the details of 193,000 employees were contained in spreadsheets that were mistakenly sent as attachments to the wrong employers. Icare contacted affected workers last week to apologise and put the mistake down to “human error”. In the letter, seen by the Herald, workers’ compensation group executive Mary Maini said she was “very sorry” about the breach on May 10. It also published a short statement on its website. Icare “inadvertently sent out a report containing a limited amount of information relating to your workers’ compensation claim to another employer, who should not have received it,” she wrote. The state insurer provides workers’ compensation insurance to 3.6 million public and private sector employees in NSW. It was recently forced to repay $38 million to 53,000 injured workers due to historic payment errors.


Mirror Protocol Suffers $2 Million Exploit After $90 Million Stolen in October

Permalink - Posted on 2022-06-02 17:00

The Mirror Protocol – a decentralized finance platform on the Terra network – has had more than $2 million drained from it due to an issue affecting how its price-setting software reacted to the historic Luna cryptocurrency crash and the rushed decision to create a new version of it. After the coin collapsed earlier this month, the people behind it created a new version and released it this weekend. But Mirror Protocol’s pricing oracle set the price of Luna to that of the new version of the coin even as the price of the original coin plummeted far below 1 cent. This allowed attackers to take out more than $1 million in loans with just $1,000 in collateral.


Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks

Permalink - Posted on 2022-06-01 17:00

Hybrid working and cloud migration during the course of the pandemic have led to a surge in DNS-related attacks, with application downtime and data theft a major consequence, according to IDC. The analyst’s 2022 Global DNS Threat Report is sponsored by security vendor efficientIP and compiled from interviews with over 1000 global organizations with more than 500 employees. The report revealed that 88% of organizations suffered DNS-related attacks over the past year, at an average of seven per responding company. These include DNS tunnelling, phishing, malware, zero-day exploits, DDoS attacks, DNS hijacking and cloud misconfiguration abuse. All categories saw an increase in frequency of attacks over the previous year.


DDoS Threats Growing in Sophistication, Size, and Frequency

Permalink - Posted on 2022-06-01 17:00

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behaviour since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack. The report also finds 97% of DDoS attacks were under 10Gbps, as low packet rate attacks continued to grow during 2021. It suggests this may be the result of attackers sending packets to a victim at lower rates to avoid easy detection. Stephenson adds, “Combined with the 82% share of short duration DDoS attacks, the intention is that these stealthier transient attacks will appear as legitimate traffic, bypassing simple security measures and succeeding in choking access to important downstream services or connections.” Frequency of repeat attacks also grew with a 29% increase in organizations who experienced a second attack within a week. The report also provides constructive recommendations regarding DDoS protection. “With the 82% increase in shorter duration DDoS attacks there is a growing requirement to detect-and-block in real time, rather than relying on time-consuming and expensive traffic redirection to cloud solutions,” says Stephenson, “The advantage here is that most of these attacks can be addressed by on-premises solutions, avoiding the disruption, risk and cost of re-routing customer traffic across the Internet to third party scrubbing centres.”


Cyber Criminal Scams City of Portland, Oregon for $1.4 Million

Permalink - Posted on 2022-06-01 17:00

Portland, Ore. is investigating a cybersecurity breach that resulted in a $1.4 million fraudulent transaction with city funds in April — one discovered after the same compromised account tried again the next month, the city said in a press release late last week. It’s unclear if any funds have been recovered in the recent Portland incident. The City did not immediately respond to requests for comment from The Record. But some local observers are not optimistic.


Latest Cyber Attack in Costa Rica Targets Hospital System

Permalink - Posted on 2022-06-01 17:00

A cyberattack struck Costa Rica's hospitals and clinics early Tuesday morning, the Costa Rican Social Security Fund (CCSS) said, the latest in a string of hacks targeting the Central American country in recent weeks. The cyberattack forced the CCSS to shut down its digital record-keeping system, affecting some 1,200 hospitals and clinics and potentially impacting care for thousands of patients, according to the public health agency.


Turkish Airline Exposes Flight and Crew Information in 6.5TB Leak

Permalink - Posted on 2022-05-31 16:00

A low-cost Turkish airline accidentally leaked personal information of flight crew alongside source code and flight data after misconfiguring an AWS bucket, it has emerged. A research team from security comparison site SafetyDetectives discovered the cloud data store left wide open on February 28. It traced some of the leaked information to Electronic Flight Bag (EFB) software developed by Pegasus Airlines. EFBs are information management tools designed to optimize the productivity of airline crew by providing essential reference materials for their flight. Almost 23 million files were found on the bucket, totalling around 6.5TB of leaked data. This included over three million files containing sensitive flight data such as: flight charts and revisions; insurance documents; details of issues found during pre-flight checks; and info on crew shifts. Over 1.6 million files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code from Pegasus’s EFB software was also found in the trove, including plain text passwords and secret keys.


Data Breach at Australian Pension Provider Impacts 50,000 Victims Following Phishing Attack

Permalink - Posted on 2022-05-31 16:00

A phishing attack at Australian pension provider Spirit Super has resulted in “some personal details being compromised”. The ‘super fund’ confirmed that user data was breached on May 19, 2022 after an employee’s email account was accessed. An investigation into the incident found that there was “unauthorized access to a mailbox containing personal data” that includes names and other sensitive information. Spirit Super said approximately 50,000 individuals are affected. Spirit Super manages $26 billion worth of funds on behalf of 325,000 members across Australia.


Louisiana: School Board Hacked After Emails of Contractors Compromised

Permalink - Posted on 2022-05-31 16:00

The Calcasieu Parish School Board has been the victim of a cyber fraud incident. The fraud occurred a few months ago. It was a result of the compromised emails of several hurricane-related contractors. The incident is strictly monetary and did not compromise the data of any student or employee. An internal investigation was launched immediately, and the Calcasieu Parish Sheriff’s Office was contacted. The criminal investigation is ongoing and will likely continue for an extended period of time. Due to the nature of the case, the School Board is unable to provide any additional information at this time.


$39.5 Billion Lost to Phone Scams in Last Year

Permalink - Posted on 2022-05-31 16:00

Truecaller announced research conducted in partnership with The Harris Poll in March of 2022, and the findings detail trends and insights on the impact of spam and phone scams that have increasingly permeated the U.S. over the last 12 months. The study estimates that a staggering $39.5 billion was lost to phone scams this past year, which is the highest number recorded since Truecaller began researching scam and spam calls in the U.S. eight years ago. According to the study, 33% of Americans report having fallen victim to phone scams, and 20% on more than one occasion. Of those who lost money to phone scams in the last year, the average reported loss was $577, up 14.94% from the average in 2021 of $502, and robocallers were reported to have duped 61.1% of these people. The research indicates that despite the Federal Communications Commission’s (FCC) efforts to regulate via the STIR/SHAKEN framework (a set of FCC standards aimed at protecting Americans from robocalls/scammers), about 68.4 million Americans fell victim to a phone scam in the last 12 months, indicating scammers are sidestepping government regulation and finding more clever ways to defraud victims.


57% of All Digital Crimes in 2021 Were Scams

Permalink - Posted on 2022-05-31 16:00

Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100. Traffic has become the circulatory system of scam projects: researchers emphasize that the number of websites used for purchasing and providing “gray” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.


Canada: Cyber Attack Downs Regina Public Schools' Computer Systems

Permalink - Posted on 2022-05-27 17:00

Regina Public Schools has confirmed that what it described as a "network-wide incident" earlier this week is in fact a cyber security attack. There's no word on the nature of the attack but the school district confirmed it has affected a large number of its computer systems. On Tuesday, Regina Public Schools said the incident meant all internet-based systems such as email and other education tools were offline. In a statement published to social media networks on Thursday afternoon, officials said that after "several days of investigation" it has become clear that the incident that first began on Sunday is a cyber attack.


Hacker Steals Database of Hundreds of Verizon Employees

Permalink - Posted on 2022-05-27 17:00

A hacker has obtained a database that includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. It’s unclear if all the data is accurate or up to date. Motherboard was able to confirm that at least some of the data is legitimate by calling phone numbers in the database. Four people confirmed their full names and email addresses, and said they work at Verizon. Another one confirmed the data, and said she used to work at the company. Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.


Three-Quarters of Security Professionals Believe Current Cyber Security Strategies Will Shortly Be Obsolete

Permalink - Posted on 2022-05-26 16:00

On Tuesday, Crossword Cybersecurity Plc, a cybersecurity solutions company, released a new report demonstrating that UK companies are increasingly worried about cyber-attacks. In the survey of more than 200 CISOs and senior cybersecurity professionals, 40% of respondents said that their current cybersecurity strategy will likely be outdated in just two years. A further 37% said this would happen in three years. The ever-increasing number of cyber-attacks coupled with constant tech innovation means companies must continuously update their cybersecurity strategies. More than three-fifths (61.4%) of participants marked themselves as “fairly confident” in their ability to thwart cyber-attacks. To keep up with the risk of cyber-attacks, companies need to invest more funds into cybersecurity solutions. With this in mind, only 44% of respondents said they had the means necessary to protect their organization against immediate and mid-term risk, alongside tech trends. There is a pressing need for companies to develop cybersecurity strategies to mitigate long-term threats.


India's SpiceJet Strands Planes After Being Hit By Ransomware Attack

Permalink - Posted on 2022-05-26 16:00

Indian airline SpiceJet delayed a number of flights on Wednesday after reporting being hit by a ransomware attack the previous day. A number of users took to social media channels to complain about the delayed flights, but according to Josh Rickard, Security Automation Architect at Swimlane, the consequences of the ransomware attack may have been much worse.


Ambulance Billing Service and Two Health Systems Report Breaches Involving Protected Health Information

Permalink - Posted on 2022-05-26 16:00

Ambulance billing service Comstar LLC in Massachusetts is notifying an as-yet undisclosed number of people following a data security breach of their systems that was detected on March 26, 2022. It is not clear from their notice whether those being notified are all patients who used their service, or if there are also employees affected, or others. The notification indicates that the types of information involved include name, date of birth, medical assessment and medication administration, health insurance information, driver’s license, financial account information, and Social Security numbers. Because the investigation could not determine exactly what specific information on those systems was accessed, Comstar appears to be notifying everyone who had information on those systems.


Illinois: Cyber Attack Costs City of Quincy $650,000

Permalink - Posted on 2022-05-26 16:00

Quincy Mayor Mike Troup said the city has spent about $150,000 on outside consultants and $500,000 for an encryption key to regain access to the city’s information services systems. In other words, $500,000 in ransomware.


Ransomware Attack Disrupts a Range of Services in a New Jersey County

Permalink - Posted on 2022-05-26 16:00

A county in New Jersey is still dealing with the aftermath of a ransomware attack that began on Tuesday, highlighting the disruptions that cyberattacks can wreak on local governments. Officials in Somerset County — which has a population of about 350,000 and is just north of Princeton University — announced on Tuesday that its email system was down. The county had to create temporary Gmail accounts so that residents can contact “critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff, and Surrogate.”


Twitter to Pay $150 Million Penalty for Allegedly Breaking Its Privacy Promises – Again

Permalink - Posted on 2022-05-26 16:00

It’s FTC 101. Companies can’t tell consumers they will use their personal information for one purpose and then use it for another. But according to the FTC, that’s the kind of digital bait-and-switch Twitter pulled on unsuspecting consumers. Twitter asked users for personal information for the express purpose of securing their accounts, but then also used it to serve targeted ads for Twitter’s financial benefit. It wasn’t Twitter’s first alleged violation of the FTC Act, but this one will cost the company $150 million in civil penalties.


Austria's Carinthia Halts Passport Issuance Over Ransomware Attack

Permalink - Posted on 2022-05-26 16:00

Criminal hacker group Black Cat is demanding $5 million in Bitcoin from the Austrian state of Carinthia in exchange for decryption software and sensitive data it claims to have accessed following a hacker attack that resulted in a massive IT failure of government services on Tuesday.


68% of Legal Sector Data Breaches Caused by Insider Threats

Permalink - Posted on 2022-05-25 16:00

More than two-thirds (68%) of data breaches at UK law firms are caused by insiders, according to official figures from the Information Commissioner’s Office (ICO). ICO data focused on Q3 2021 was analyzed by NetDocuments. It found that just 32% of breaches in this sector were caused by outside threats, such as external malicious actors. The dominance of insider breaches during this period is believed to be linked to the ‘great resignation,’ whereby workers are changing jobs at an unprecedented rate amid the COVID-19 pandemic. In industries like law, there is the danger of staff taking company data with them as they leave their roles. Over half (54%) of data breaches in the legal sector were due to human error in this period. This included documents being emailed or posted to the wrong recipient, failure to redact or use bcc on correspondence and hardware misconfiguration. Linked to this, 52% of breaches occurred from sharing data with the wrong person via email, post or verbally. One in 10 (10%) incidents were attributed to data loss, such as loss/theft of devices containing personal data or of paperwork left in an insecure location. Finally, a quarter (25%) were caused by phishing attacks.


Canada: Data Breach at Toronto Health Network Possibly Exposed Patient Information, OHIP Numbers

Permalink - Posted on 2022-05-25 16:00

A Toronto health network says some of its servers containing a variety of personal patient details were recently breached. The Scarborough Health Network (SHN), which includes three hospitals and eight satellite sites, said in a statement Wednesday their IT department first noticed "unusual activity" on its servers Jan. 25. Its investigation with cybersecurity experts found past and present patient data may have been accessed. The hospital network said it couldn't determine which patients were specifically affected but that it included patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016. It also affects patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.


Washington University School of Medicine Notifies Patients of Data Breach

Permalink - Posted on 2022-05-25 16:00

St. Louis-based Washington University School of Medicine notified patients that a data breach had potentially exposed some of their personal health information. According to Washington University School of Medicine's website, the health system learned that an unauthorized person gained access to certain employee email accounts between March 4 and March 28. An investigation conducted March 24 was unable to determine whether the individual viewed any of the emails or attachments in the accounts; however, the health system did identify that the emails contained patient and research participant information, including names, dates of birth, addresses, medical records, patient account numbers and clinical information. In some instances, health insurance information and Social Security numbers were also identified in the accounts.


142 Million MGM Resorts Records Leaked on Telegram for Free Download

Permalink - Posted on 2022-05-25 16:00

On July 14th, 2020, Hackread.com reported that a hacker going by the online handle of NightLion stole several databases from the breach monitoring site DataViper. One of the databases belonged to MGM Resorts and contained the personal data of 142 million customers. Although at that time NightLion was selling the data on the now-seized RaidForums and dark web marketplaces for $2,900, the latest reports reveal that the same database comprising 142 million records has been shared on Telegram for the public to download for free.


Ransomware Attacks Increasing at Alarming Rate

Permalink - Posted on 2022-05-24 17:00

The Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) reveals an unprecedented year in cybersecurity and details focal issues affecting the international cybersecurity landscape. In addition to the increase in ransomware breaches, it also found that 82% of cyber breaches involved the human element, including social attacks, errors and misuse. It also found that 62% of incidents in the system intrusion pattern involved threat actors compromising partners.


Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyber Attack

Permalink - Posted on 2022-05-24 17:00

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. PHC has now confirmed in a breach notification to the Maine Attorney General that the protected health information of 854,913 current and former health plan members has potentially been stolen, making this one of the largest healthcare data breaches to be reported so far this year. The review of the affected files is ongoing, and while it has yet to be confirmed which specific types of protected health information were included in the affected files, notification letters are starting to be sent to affected individuals. PHC said the types of information potentially stolen may include names, birth dates, addresses, email addresses, Social Security numbers, driver’s license numbers, Tribal ID numbers, medical record numbers, health insurance information, diagnoses, treatment and prescription information, other medical information, and member portal usernames and passwords.


Texas Department of Transportation Hacked

Permalink - Posted on 2022-05-24 17:00

This is not the first time the Texas Department of Transportation (TxDOT) has apparently had a data security incident, and it is certainly not the largest breach the state has ever experienced, but it appears that TxDOT’s portal for the certified payroll system for contractors has been hacked. Two posts by one individual appeared over the weekend on a hacking-related forum. The first post included a screencap of an employee’s setup with the employee’s personal information, including SSN. The forum post also included login credentials and the URL for the state’s contractor’s payment system. For ethical and legal reasons, DataBreaches did not test the login credentials. The second post included a screencap showing listings of a contractor’s projects. A second screencap in the post contained another employee’s setup screen with their personal information.


U.S. Car Giant General Motors Hit by Cyber Attack Exposing Car Owners' Personal Information

Permalink - Posted on 2022-05-24 17:00

US automobile manufacturer General Motors (GM) announced that it was hit by a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards. GM said that they detected the malicious login activity between April 11 and 29, 2022. The personal information of affected customers includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members' avatars and photos (if uploaded), profile pictures and search and destination information. Other information available to hackers included car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords). Apart from resetting their passwords, GM advised affected individuals to request credit reports from their banks and place a security freeze if required.


Security Has Become More Difficult, IT Leaders Say

Permalink - Posted on 2022-05-23 15:00

Workspot announced a survey report conducted by Dimensional Research, which reveals that in the past year, due to remote work, 83% of IT leaders expanded or accelerated their cloud strategies, while still facing increasing challenges with security (71%), and concerns about employee compliance with new controls (60%). With that in mind, budgets are expected to increase throughout the year to improve remote work technologies. Hybrid work has impacted the technology, solutions, and strategies IT leaders relied on. From conferencing to remote access, new iterations of technologies have been adopted, but with that, new challenges have come up. In this context, Workspot’s report looks at how experiences, strategies, and technology used for supporting remote workers are delivering value today, including challenges IT decision-makers are still facing and expectations on what to invest in for adapting computing, security, and new collaboration capabilities.


Facial Recognition Firm Clearview AI Fined $9.4 Million by U.K. Regulator

Permalink - Posted on 2022-05-23 15:00

The UK Information Commissioner’s Office (ICO) has fined facial recognition database firm Clearview AI more than £7.5 million (around $9.4 million) for breaching the UK GDPR. The ICO has also ordered Clearview to stop scraping and using the personal data of UK residents, and to delete the data of UK residents from its systems. Key failures under the UK GDPR (and therefore also the EU GDPR) include a failure to be fair and transparent (individuals are unaware that their images may have been scraped and included in the database), and the lack of a lawful reason to collect people’s information. This is not the first time Clearview has been sanctioned under data privacy laws. In February 2021, Canada’s privacy commissioner Daniel Therrien said, “What Clearview does is mass surveillance, and it is illegal.” He recommended that Clearview AI stop offering its facial recognition services to Canadian clients, stop collecting images of people in Canada and delete those already in its database. Clearview stopped offering its services in Canada, but declined the other recommendations.


Ransomware Hackers Steal Personal Data of 500,000 Students and Staff in Chicago

Permalink - Posted on 2022-05-23 15:00

The personal information of more than half a million Chicago Public Schools students and staff was leaked in a ransomware attack last December, although the breach wasn’t reported until April, officials said. The district said on Friday that technology vendor Battelle for Kids notified CPS of the breach on April 25. A server used to store student and staff information was breached, and four years’ worth of records were accessed, CPS said in a statement. CPS said that 495,448 student and 56,138 employee records were accessed from the 2015-16 through 2018-2019 school years. Student information involved in the breach included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments. Employee information included names, employee identification numbers, school and course information, emails and usernames.


Nikkei Says Customer Data Likely Impacted in Ransomware Attack

Permalink - Posted on 2022-05-20 18:00

On Thursday, Nikkei announced that a server at its headquarters in Singapore was infected with ransomware last week. Nikkei also noted that customer data was likely stored on the affected server, but that its investigation into the nature and scope of the attack continues.


Massive CPS Data Breach Exposes Records of 560,000 Students, Employees

Permalink - Posted on 2022-05-20 18:00

A massive data breach has exposed four years’ worth of records of nearly 500,000 Chicago Public Schools students and just under 60,000 employees, district officials said Friday. The attack targeted a company that has a no-bid contract with the district for teacher evaluations and involved basic student and staff information, with no financial records or Social Security numbers stolen, according to CPS.


Big Data Breach Confirmed at Arnprior Regional Health

Permalink - Posted on 2022-05-20 18:00

Arnprior Regional Health says it has been the target of a cyber attack that has breached data dating back decades. The hospital network confirmed the news via an announcement on its website on Thursday, May 19, adding that it had become aware of the attack on its information technology (IT) system on December 21. Names, contact information, dates of birth, health card numbers, recent visits to the hospital and diagnoses were among the information compromised in the breach.


7.6% Increase in Vulnerabilities Tied to Ransomware in Q1

Permalink - Posted on 2022-05-20 18:00

Ivanti announced the results of the Ransomware Index Report Q1 2022 that it conducted with Cyber Security Works, a Certifying Numbering Authority (CNA), and Cyware, a leading provider of the technology platform to build Cyber Fusion Centers. The report identified a 7.6% increase in the number of vulnerabilities tied to ransomware in Q1 2022, with the Conti ransomware group exploiting most of those vulnerabilities. The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310) and connected Conti, a prolific ransomware group that pledged support for the Russian government following the invasion of Ukraine, to 19 of those new vulnerabilities. The report also revealed a 7.5% increase in APT groups associated with ransomware, a 6.8% increase in actively exploited and trending vulnerabilities, and a 2.5% increase in ransomware families. To further break down those numbers, the analysis revealed that three new APT groups (Exotic Lily, APT 35, DEV-0401) started using ransomware to attack their targets, 10 new active and trending vulnerabilities became associated with ransomware (bringing the total to 157), and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) became active in Q1 2022. Additionally, the report revealed that ransomware operators continued to weaponize vulnerabilities faster than ever before and target those that create maximum disruption and impact. This increased sophistication by ransomware groups has resulted in vulnerabilities being exploited within eight days of patches being released by vendors. It also means that any minor laxity in security measures by third-party vendors and organizations is sufficient for ransomware groups to enter and infiltrate vulnerable networks. To make matters worse, some of the most popular scanners are not detecting several key ransomware vulnerabilities. The research revealed that over 3.5% of ransomware vulnerabilities are being missed, exposing organizations to grave risks.


Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Permalink - Posted on 2022-05-19 16:00

Cleveland, OH-based Parker-Hannifin Corporation, a manufacturer of motion and control technologies, has recently announced that unauthorized individuals have gained access to some of its IT systems and may have acquired files containing the sensitive information of current and former employees, their dependents, and other individuals affiliated with the company.


Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

Permalink - Posted on 2022-05-19 16:00

A $9.76 million settlement proposed by Solara Medical Supplies to resolve a class action lawsuit related to a 2019 data breach has received preliminary approval from the court. Solara Medical Supplies, which provides products and services to help people manage their diabetes, was the victim of a phishing attack that saw employees’ Microsoft Office 365 email accounts accessed by unauthorized individuals between April 2, 2019, and June 20, 2019. The email accounts contained the protected health information of patients and sensitive employee information, including names, dates of birth, billing and claims information, health insurance information, medical information, financial account information and credit card numbers, Social Security numbers, driver’s license numbers, state ID numbers, and Medicare/Medicaid IDs. The breach was reported to the HHS’ Office for Civil Rights as affecting 114,007 individuals. Legal action was taken on behalf of the individuals affected by the breach, with the class including all individuals residing in the United States and its territories who were notified in November 2019 that their information had been exposed. The plaintiffs alleged Solara Medical Supplies was negligent for failing to prevent the breach.


Ransom Demands Surge 45% in 2021

Permalink - Posted on 2022-05-19 16:00

The average ransom demand in 2021 was $247,000, 45% more than the previous year, with most threat actors trying to force payment via double extortion tactics, according to Group-IB. The security vendor’s Ransomware Uncovered 2021/2022 report was compiled from an analysis of over 700 investigations undertaken by its incident response team. It claimed the continued rise of ransomware is down to the proliferation of initial access brokers and ransomware-as-a-service offerings on the dark web. The report argued that more sophisticated threats made it harder for victims to recover: the average downtime from an attack rose from 18 to 22 days year-on-year. However, on the plus side, attacker dwell time fell from 13 days to nine over the same period. That limits the time threat actors have to move laterally within networks, steal data and deploy their ransomware payload. Data theft and threatened leakage were used in 63% of attacks last year as a method of forcing payment, Group-IB said. Lockbit, Conti and Pysa were the most aggressive in posting data to leak sites. However, it was two newcomers, Hive and Grief, that caught the eye – making it onto the top 10 list of ransomware gangs by number of victims posted to leak sites. The former demanded an outrageous $240m ransom from MediaMarkt, the largest of the year and of all time.


46% of Organizations Still Store Passwords in Shared Documents

Permalink - Posted on 2022-05-19 16:00

46% of IT, security, and cybersecurity leaders say they still store passwords in shared office documents. That’s despite an overwhelming 93% of respondents that require password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID.


Personal Information of Nearly Two Million Texans Exposed

Permalink - Posted on 2022-05-18 18:00

The personal information of nearly two million Texans was exposed for nearly three years due to a programming issue at the Texas Department of Insurance (TDI). The department revealed that details of 1.8 million workers who have filed compensation claims were publicly available online from March 2019 to January 2022 in a state audit report published last week. This included Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries. In a public notice on March 24, the TDI said it first became aware of a security issue with a TDI web application that manages workers’ compensation information on January 4 2022. This issue enabled members of the public to access a protected part of the online application.


Pharmacy Giant Dis-Chem Hit By Data Breach Affecting 3.6 Million Customers

Permalink - Posted on 2022-05-18 18:00

Pharmacy retailer Dis-Chem recently announced that it had been hit by a data breach affecting the personal details of 3.6 million customers. In a statement, Dis-Chem said it was contracted with a third-party service provider and operator for certain managed services that developed a database for Dis-Chem. The database contained “certain categories of personal information necessary for the services offered by Dis-Chem,” it added. “It was brought to our attention on 1 May 2022, that an unauthorized party had managed to gain access to the contents of the database. Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” the report read. A subsequent investigation revealed that the incident affected a total of 3,687,881 data subjects and that the following personal information was accessed: first name and surname; email addresses; and cell phone numbers.


Update to Indiana Data Breach Notification Law Shortens Timeline for Notifications

Permalink - Posted on 2022-05-18 18:00

On July 1, 2022, updated data breach notification laws (HB 1351) will take effect in Indiana that require notifications to be issued within 45 days of the discovery of a breach of the personally identifiable information (PII) of Indiana residents. Currently, the data breach notification requirements are for notifications to be issued without unreasonable delay. The update has been made to ensure that individuals whose PII has been exposed are provided with timely notification. When PII has been exposed, individual notifications should still be issued without unreasonable delay.


More Than 90,000 South Australian Public Servants Now Involved in Payroll Data Breach

Permalink - Posted on 2022-05-18 18:00

South Australia's Treasurer says 13,088 more current and former public servants than previously thought had their personal information stolen in a cyber attack last year. Treasurer Stephen Mullighan told parliament on Wednesday a "forensic review" by PricewaterhouseCoopers (PwC) uncovered the additional people that had had their personal data stolen, in addition to the 80,000 employees announced by the former government last year. The data, which included tax file numbers and bank account details, was stolen when the state government's payroll provider, Frontier Software, was hacked in November.


Behavioral Health Entities in Massachusetts and Ohio Reportedly Victims of Cyber Attacks

Permalink - Posted on 2022-05-18 18:00

DataBreaches.net has found two behavioral health entities that reportedly or allegedly experienced recent cyberattacks involving protected health information of patients. The first, Behavioral Health Partners of Metrowest (BHPMW), describes itself as a partnership that brings together leading social services and behavioral health agencies serving the Greater MetroWest region of Massachusetts. Together, they write, Family Continuity, Advocates, South Middlesex Opportunity Council (SMOC), Spectrum Health Systems, and Wayside Youth & Family Support Network provide services in mental health, substance use and addiction, housing, and social support for people of all ages. Between September 14, 2021 and September 18, 2021, BHPMW’s systems were accessed by an unknown party. The breach was first discovered on October 1, 2021. The types of information involved include name, Social Security Number, date of birth, medical information, health insurance information, and other information. The report to the Maine Attorney General’s Office indicates that 11,288 people were affected. Letters to those affected were mailed on May 11, 2022. Allwell Behavioral Health Services is a private, not-for-profit provider of comprehensive community mental health services in Ohio. Data that appear to be theirs have been leaked on a dark web leak site by individuals who claim to have 200 GB of Allwell’s files. The date listed on the leak site is April 4, 2022, but it is not clear whether that refers to the date the system was attacked or the date the organization was added to the leak site.


Christus Health Ransomware Incident Involved Theft of Sensitive Patient and Employee Data

Permalink - Posted on 2022-05-17 16:00

DataBreaches inspected a sample of files in the leak. Here is a summary of just a few of the files: a spreadsheet with the names of patients who tested positive for COVID-19 between March and June, 2020; a focused professional review of an employee included patient information from the case logs: patient name, date of service, diagnosis, and patient account number; admission records for a one-week period in 2019 that included patients’ names, date of birth, reason for admission, phone number, provider information, and health insurance information; an employee phone roster; a suspension letter to a named physician due to delinquent medical records; other letters to named physicians of the format: files with patients’ health insurance information and billings; a 17-page Operating Room Schedule dated 05/02/2022 with patient name, date of birth, phone number, medical record number, type of procedure, reason for visit, type of insurance, name of surgeon/anesthesiologist, and type of anesthesia. Each page had multiple patient records on it; and a tumor conference patient list with information on six patients for consideration at a July 2020 case conference. Each patient’s name, date of birth, social security number, and type of tumor issue, was included.


Texas Department of Insurance Leak Went Undetected for Three Years, State Audit Finds

Permalink - Posted on 2022-05-17 16:00

And then there’s the Texas Department of Insurance. They informed the Texas Attorney General’s office that 1,800,000 Texans were affected by a leak involving names, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workers’ compensation claims. Anyone who had a claim since 2006 might be affected. In March 2022, after audit fieldwork was completed, the Department issued a notice that it had in January 2022 become aware of a data security issue with a Department web application that manages workers’ compensation information. Because of that issue, certain confidential information related to workers’ compensation claims may have been accessible to individuals outside of the Department between March 2019 and January 2022. The confidential information at risk included claimants’ names, addresses, dates of birth, and phone numbers; part or all of their Social Security numbers; and information about injuries and workers’ compensation claims.


Singapore Firms See High Rate of Security Incidents, But Struggle to Respond Promptly

Permalink - Posted on 2022-05-17 17:00

Some 65% of organisations in Singapore have experienced at least six cybersecurity incidents in the past year, but just 49% are able to respond to threats within a day, compared to an average of 70% across 11 global markets.


Ransomware Hits American Healthcare Company Omnicell

Permalink - Posted on 2022-05-17 16:00

Multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to be disclosed in the coming weeks. In the company’s quarterly 10-Q filing, Omnicell stated: “Our IT systems and third-party cloud services are potentially vulnerable to cyber-attacks, including ransomware, or other data security incidents, by employees or others, which may expose sensitive data to unauthorized persons. On May 4, 2022, we determined that certain of our information technology systems were affected by ransomware impacting certain internal systems.”


Fifth of Businesses Say Cyber Attack Nearly Broke Them

Permalink - Posted on 2022-05-17 16:00

A fifth of US and European businesses have warned that a serious cyber-attack nearly rendered them insolvent, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox. The insurer polled over 5000 businesses in the US, UK, Ireland, France, Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox Cyber Readiness Report. It revealed the potentially catastrophic financial damage that a serious cyber-attack can wreak. The number claiming to have nearly been brought down by a breach increased 24% compared to the previous year. Nearly half (48%) of respondents said they suffered an attack over the past 12 months, a 12% increase from the previous report’s findings. Perhaps unsurprisingly, businesses in seven out of eight countries see cyber as their biggest threat. Yet perception appears to vary greatly depending on whether an organization has suffered a serious compromise or not. While over half (55%) of total respondents said they view cyber as a high-risk area, the figure among companies that have not yet suffered an attack is just 36%. While spending on cybersecurity is increasing, on average, up 60% per company year-on-year, so is the cost of attacks. Hiscox calculated the median cost at around $17,000 – up 29% year-on-year. More concerning given the new era of hybrid working is that almost two-thirds of respondents (62%) agreed that their business was more vulnerable to an attack as a result of employees working from home. This increased to 69% in companies with more than 250 employees.


Refuah Health Center Alerts 260,000 Patients About May 2021 Cyber Attack

Permalink - Posted on 2022-05-16 16:00

Refuah Health Center in New York has recently started notifying 260,740 patients about a security breach that occurred almost a year ago. According to the April 29, 2022, notification on the healthcare provider’s website. While Refuah Health Center did not disclose further information about the nature of the attack, databreaches.net reports that the attack appears to have been conducted by the Lorenz ransomware gang, which added Refuah Health Center to its list of victims on its data leak site on June 11, 2021, although that entry has now been removed.


Brazilian E-Commerce Firm Americanas Reports Multimillion-Dollar Loss Following Cyber Attack

Permalink - Posted on 2022-05-16 16:00

Brazilian e-commerce conglomerate Americanas.com reported a multimillion-dollar loss in sales in its financial results on Friday after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 and rendered its e-commerce operation unavailable. According to the company, physical stores continued to operate and the logistics arm of the company continued to deliver orders placed after the event.


Eye Care Leaders Hack Impacts Tens of Thousands of Patients

Permalink - Posted on 2022-05-13 18:00

Unauthorized individuals have gained access to the systems of Eye Care Leaders, a provider of electronic health records and patient management software solutions for eye care practices. On or around December 4, 2021, hackers gained access to its myCare Identity solution and deleted databases, systems configuration files, and data. Eye Care Leaders said its incident response team immediately stopped the unauthorized activity when the breach was detected and launched an investigation into the security breach. The investigation is ongoing, but notifications have now been sent to affected ophthalmology and optometry practices.


Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals

Permalink - Posted on 2022-05-13 18:00

Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals. According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system. To investigate the incident, OKCIC enlisted the help of a third-party forensic firm. The subsequent investigation confirmed that an unauthorized party accessed – and possibly retained – sensitive customer information. OKCIC revealed that compromised files included name, dates of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers and driver’s license numbers of customers. As many as 38,239 individuals are reportedly impacted by the breach. OKCIC issued data breach letters to affected customers. In March, Oklahoma-based Duncan Regional Hospital suffered a security incident that exposed the personal data of more than 92,000 individuals.


Capital One Data Breach $190 Million Class Action Settlement

Permalink - Posted on 2022-05-13 18:00

Capital One will pay $190 million to resolve claims it jeopardized customer information in a 2019 data breach. The settlement benefits around 98 million Capital One customers whose information was compromised as part of the 2019 data breach. Capital One offers a variety of financial services to customers. However, according to the bank, its customers were targeted in a 2019 data breach. In July 2019, Capital One informed its customers that millions of them had their information compromised when a third party accessed bank systems. Although the perpetrator was captured by the Federal Bureau of Investigation (FBI), sensitive information such as names, birth dates, addresses, phone numbers, credit scores, contact information, credit balances, payment history, and even Social Security numbers was compromised. Customers affected by the data breach swiftly took legal action against Capital One, arguing the bank violated its duties to protect consumer information.


Cameron County Elections Office Reports Online Security Breach

Permalink - Posted on 2022-05-13 18:00

The Cameron County Elections Department is acknowledging a security breach in which someone gained access to files containing the personal identifying information of staff members and poll workers. Elections Administrator Remi Garza says the person was able to access files in the online storage system of Easy Vote, a company that provides poll worker management software. An initial investigation by the company found that the files contain the names, social security numbers, and driver’s license numbers of all department staff and poll workers – and that the information was put on the internet. A letter from Easy Vote to the elections office says the breach occurred between January 29th and January 31st, and that it is supporting law enforcement agencies in their investigations. Easy Vote has also sent letters to everyone affected, and Garza is urging that everyone follow the company’s recommendations for protecting their personal information.


Misconfigured ElasticSearch Servers Exposed 579 GB of Users' Website Activity

Permalink - Posted on 2022-05-13 18:00

In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records that were collected with the help of data analytics software developed by SnowPlow Analytics. According to researchers, both ElasticSearch servers didn’t have any encryption or user authentication measures in place, meaning anyone could have accessed the data without the need for a password. The unsecured, misconfigured servers eventually exposed 359,019,902 records, which equals around 579.4 GB of data. The exposed servers contained detailed logs of web user traffic.


New Zealand: Data Breach on AA Traveller Website

Permalink - Posted on 2022-05-11 07:00

AA Traveller said the website was in use between 2003 and 2018 and allowed customers to make travel bookings, enter competitions and take part in surveys. In a statement on its website AA Traveller said it "recently discovered a vulnerability in the application where the AA Traveller information was stored and that an unauthorised party accessed information within the database used".


Class Action Lawsuits Filed Against Oregon Health Group Over Ransomware Attacks

Permalink - Posted on 2022-05-11 07:00

Class action lawsuits have recently been filed against Partnership Health Plan in Northern California and Oregon Anesthesiology Group in response to ransomware attacks and the theft of sensitive patient/plan member data.


Hackers Hit Web Hosting Provider Linked to Oregon Elections

Permalink - Posted on 2022-05-11 07:00

A week before Oregon’s primary election, the secretary of state’s office is moving to protect the integrity of its online system where campaign finance records are published after a web hosting provider was hit by a ransomware attack. Secretary of State Shemia Fagan’s office said people inputting records into the ORESTAR state campaign finance reporting system may have been affected, and have been sent detailed instructions on how to proceed.


Personal details of 21 Million SuperVPN, GeckoVPN Users Leaked on Telegram

Permalink - Posted on 2022-05-11 07:00

The leaked records comprised 10GB of data and exposed 21 million unique records. The information included names, usernames, country names, billing details, email addresses, randomly generated password strings, and premium status and validity period.


FBI: Rise in Business Email-Based Attacks is a $43 Billion Headache

Permalink - Posted on 2022-05-09 16:00

The FBI warned the global cost of business email compromise (BEC) attacks is $43 billion for the period between June 2016 and December 2021. According to the FBI report, 241,206 complaints were lodged by the agency’s Internet Crime Center (IC3). According to IC3, BEC scam victims have been reported in all 50 states of the US and 177 countries. Additionally, 140 countries received fraudulent transfers. The IC3 revealed that banks located in Thailand and Hong Kong were the primary destination for fraudulent funds, followed by China, Mexico, and Singapore. In the public service announcement by IC3, the losses recorded in the US are much larger in comparison to non-US victims. Between October 2013 and December 2021, a total of 116,401 US victims reported a total loss of $14.8 billion, whereas in the same period 5,260 non-US citizens reported losses of $1.27 billion. The FBI believes that a 65 percent spike in BEC scams between July 2019 and December 2021 could be partly caused by the pandemic as there were restrictions placed on normal business activities and everything shifted to virtual mode. “Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars,” IC3 reported.


Regulator Proposes $1 Million Fine for Colonial Pipeline One Year After Cyberattack

Permalink - Posted on 2022-05-09 16:00

One year after Colonial Pipeline was hit by a highly disruptive cyberattack, the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) wants the company to pay a fine of nearly $1 million over failures that allegedly worsened the impact of the hack. The PHMSA has proposed civil penalties of $986,000 for the operator of the largest fuel pipeline in the US for what it has described as control room management failures.


Ransomware Attack Hits Production Facilities of Agricultural Equipment Giant AGCO

Permalink - Posted on 2022-05-09 16:00

Agricultural equipment giant AGCO says its business operations have been impacted after falling victim to a ransomware attack last week. AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. On Friday, the company announced that it fell victim to a ransomware attack that impacted some production facilities.


Illinois College, Hit by Ransomware Attack, to Shut Down

Permalink - Posted on 2022-05-09 16:00

Lincoln College is scheduled to close its doors Friday, becoming the first U.S. institution of higher learning to shut down in part due to a ransomware attack. A goodbye note posted to the school’s website said that it survived both World Wars, the Spanish flu and the Great Depression, but was unable to handle the combination of the Covid pandemic and a severe ransomware attack in December that took months to remedy.


Costa Rica declares national emergency after Conti ransomware attacks

Permalink - Posted on 2022-05-09 16:00

Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from the Conti ransomware group on multiple government bodies. BleepingComputer also observed that Conti published most of the 672 GB dump that appears to contain data belonging to Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, the same day the economist and former Minister of Finance effectively became the country's 49th and current president.


Luxury Fashion House Zegna Confirms August Ransomware Attack

Permalink - Posted on 2022-04-12 16:53

The Italian luxury fashion house Ermenegildo Zegna has confirmed an August 2021 ransomware attack that resulted in an extensive IT systems outage. The disclosure came in today's filing of an SEC Form 424B3 that updates their investment prospectus to alert investors of business disruption and data breach risks resulting from sophisticated cyberattacks. To highlight the potential investment risks, the report provides an example of a ransomware attack that hit the firm in August 2021, impacting most of its IT systems and causing a large-scale interruption. Zegna underlines that they did not engage with the ransomware actors in negotiating a ransom payment, so they had to restore from backups in the weeks that followed the incident.


SuperCare Data Breach Involves More Than 300,000 Individuals

Permalink - Posted on 2022-04-12 16:39

California-based respiratory care provider SuperCare Health revealed it had been hit by a data breach that affected more than 300,000 individuals. A recent data security notice posted on its website revealed that it discovered the incident on July 27 2021, when unauthorized activity was detected on a number of its systems. A subsequent investigation revealed that certain systems were accessed between July 23 2021 and July 27 2021. On February 4 2022, the company determined that the exposed files contained patient information, including name, address, date of birth, medical record number, hospital or medical group, patient account number, health-related information and claim information. In a number of cases, social security numbers and driver’s license numbers were also in the compromised files.


SuperCare Health Data Breach Impacts Over 300,000 People

Permalink - Posted on 2022-04-12 16:37

In a data security notice posted on its website, SuperCare said the intrusion was discovered on July 27, 2021, when it noticed unauthorized activity on some systems. An investigation revealed that someone had access to certain systems between July 23 and July 27, 2021. However, it took the company until February 4, 2022, to determine that the exposed files contained patient information, including name, address, date of birth, hospital or medical group, medical record number, patient account number, health-related information, and claim information. In some cases, social security numbers and driver’s license numbers were also stored in the compromised files.


Audit of the Connecticut Health Insurance Exchange Uncovers 44 Unreported Data Breaches

Permalink - Posted on 2022-04-06 16:00

An audit of Connecticut’s Health Insurance Exchange, Access Health CT, by the state auditor has revealed Access Health CT suffered 44 data breaches over the last 3.5 years that had not been fully reported and that sufficient steps had not been taken to safeguard sensitive data. The Connecticut Health Insurance Exchange acts as a health insurance marketplace to reduce the number of state residents who do not have health insurance and to facilitate applications by low-income individuals for Medicaid coverage, as required under The Affordable Care Act. While Access Health had reported the data breaches to the Department of Health and Human Services, as required by HIPAA, and the state attorney general had been notified, the breaches had not been reported to the state auditor and comptroller. Under state law, the Connecticut Health Insurance Exchange is required to notify the Auditors of Public Accounts and the State Comptroller promptly when a security breach is discovered.


Britain: Electric Vehicle Chargers Hacked to Show Porn

Permalink - Posted on 2022-04-06 16:00

Owners of electric vehicles in Isle of Wight, UK, were shocked today after public charge points were hacked to display pornography. Isle of Wight Council has three charge points in Quay Road, Ryde, Cross Street, Cowes and Moa Place, Freshwater. While service screens at the council’s car parks were supposed to display its website, hackers changed a number of them to show explicit images. The incident was first reported by the Isle of Wight County Press after it was alerted by its readers. Charge points affected were part of the ChargePoint Genie network, although they were transferred to the GeniePoint network. Speaking on the issue, a council spokesman said: “We are saddened to learn that a third-party web address displayed on our electric vehicle (EV) signage appears to have been hacked.


Almost a Fifth of Global Firms Targeted with Spring4Shell

Permalink - Posted on 2022-04-06 16:00

Security researchers have observed tens of thousands of attempts to exploit the critical new SpringShell (Spring4Shell) vulnerability within days of its publication. Check Point Research claimed to have spotted 37,000 such attempts within the first four days, which it extrapolated to calculate that around 16% of global organizations were affected. Europe accounted for the largest number of incidents (20%) and the software industry was the most affected vertical (28%). There were actually three vulnerabilities found in the open-source Spring Framework late last week, although the main one is CVE-2022-22965 (SpringShell/Spring4Shell), a critical remote code execution (RCE) bug in the Spring Core. It can be exploited if attackers send a specially crafted query to a web server running the Spring Core framework. The other two are thought to be less serious RCE flaws in the Spring Cloud Function (CVE-2022-22963) and the Spring Cloud Gateway (CVE-2022-22947). The seriousness of SpringShell was confirmed when the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its lengthening Known Exploited Vulnerabilities Catalog, meaning all civilian federal agencies are mandated to patch it within a narrow timeframe.


Montana: Kalispell Hospital Sued for Patient Data Breach

Permalink - Posted on 2022-04-06 16:00

A Montana hospital is being sued for a data breach last year that compromised the personal information of over 200,000 patients. The lawsuit filed last month in Flathead County District Court alleges Kalispell-based Logan Health Medical Center lacked adequate cybersecurity to prevent the breach of patient names, phone numbers and insurance information. The named plaintiffs, two former patients, say since late November’s breach they are facing more phishing attempts and decreased credit scores. The plaintiffs say the data breach also puts them at heightened risk of tax fraud and identity theft for the rest of their lives.


63% of Organizations Paid the Ransom Last Year

Permalink - Posted on 2022-04-06 16:00

A record 71% of organizations were impacted by successful ransomware attacks last year, according to a CyberEdge Group report, up from 55% in 2017. Of those that were victimized, 63% paid the requested ransom, up from 39% in 2017.


Texas Department of Insurance Exposed Data of 1.8 Million People

Permalink - Posted on 2022-04-06 15:00

The Texas Department of Insurance recently disclosed a “data security event” that appears to have affected roughly 1.8 million people. The Texas Department of Insurance (TDI) disclosed the incident on March 24, but DataBreaches.net noticed that the Texas Attorney General’s office reported on April 4 that 1.8 million Texans are impacted. The exposed information includes names, addresses, phone numbers, dates of birth, and partial or full social security numbers, as well as information about injuries and worker compensation claims.


India: RAT Used to Hijack Superusers at Mahesh Bank, Stole Millions

Permalink - Posted on 2022-04-05 16:00

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andhra Pradesh Mahesh Co-Operative Urban Bank. Its 45 branches and just under $400 million of deposits make it one of India's smaller banks. It certainly thinks small about security – at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021. At least one of those mails succeeded in fooling staff, resulting in the installation of a Remote Access Trojan (RAT). Another technology the bank had chosen not to adopt was virtual LANs, so once the RAT went to work the attackers gained entry to the Bank's systems and were able to roam widely – even in its core banking application. Hyderabad Police's analysis of the attack found that Mahesh Bank had carelessly allowed its population of super-users to reach ten – some with identical passwords. The attackers compromised some of those accounts and gained access to databases containing customer information including account balances.


German Wind Turbine Maker Shut Down After Cyber Attack

Permalink - Posted on 2022-04-05 16:00

A German wind turbine maker was forced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack on March 31. Nordex designs, sells and manufactures wind turbines, reporting nearly $6 billion in sales in 2021. The incident was first reported by Reuters, and German news outlet Erneuerbare Energien said on Friday that calls to the company’s office returned busy signals. The news outlet also reported that the Nordex website initially said “Due to maintenance work, we are currently unavailable. Please try again later.”


More Than $15 Million Stolen After Hackers Exploit DeFi platform Inverse Finance

Permalink - Posted on 2022-04-05 16:00

An attack on decentralized finance (DeFi) protocol Inverse Finance led to the theft of more than $15 million in cryptocurrency, the company said on Saturday. The company wrote on Twitter that a hacker managed to manipulate its money market, Anchor, and increased the price of INV via Sushiswap – an open-source ecosystem of DeFi tools. INV is an Ethereum token that powers Inverse Finance, a decentralized platform used for lending, borrowing, and creating synthetic assets. The manipulation caused a sharp increase in the price of INV, allowing the hacker to borrow $15.6 million in the DOLA, ETH, WBTC and YFI cryptocurrencies against it. This morning Inverse Finance's money market, Anchor, was subject to a capital-intensive manipulation of the INV/ETH price oracle on Sushiswap, resulting in a sharp rise in the price of INV which subsequently enabled the attacker to borrow $15.6 million in DOLA, ETH, WBTC, & YFI.


Online Fraud Up 233% During Pandemic

Permalink - Posted on 2022-04-05 15:00

The rate of online fraud attacks increased by 233% between 2019 and 2021, according to RiskOps platform, Feedzai. The figure was included in the company's newly released quarterly financial crime report, The RiskOps Age, which is based on analysis of over 18 billion global banking transactions throughout 2021. By identifying trends in consumer spending and fraud attacks and comparing transactional intelligence from 2021 with data gathered during the previous three years, the report sheds light on how financial crime evolved during the global COVID-19 pandemic. A key finding in the report was that while online transactions grew 65%, online fraud attack rates grew by 233%. Alarmingly, fraud targeting digital entertainment increased by 794% from 2019 to 2021. Among the attacks reported at major organizations, Feedzai’s research found 30% of attempted online transactions were fraudulent.


Parker-Hannifin says Hack May Have Accessed Personal Information on Workers

Permalink - Posted on 2022-04-05 15:00

Parker Hannifin Corp. said Tuesday a third party breached its systems on March 14, and may have accessed data and personal information of its own employees. In a regulatory filing, the maker of technology for the aerospace and industrial sectors said it is working with law enforcement and cybersecurity experts to determine the extent of the breach. "Based on its preliminary assessment and on the information currently known, the incident has not had a significant financial or operational impact and the Company does not believe the incident will have a material impact on its business, operations or financial results," the company said in the filing. Its business systems are fully operational, it added. Shares were not active premarket but have fallen 12% in the last 12 months, while the S&P 500 has gained 14%.


Block Confirms Cash App Breach After Former Employee Accessed U.S. Customer Data

Permalink - Posted on 2022-04-05 15:00

Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information. In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing reads. Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended. The information in the reports included users’ full names and brokerage account numbers, and for some customers the accessed data also included brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day. The San Francisco-based company declined to say how many Cash App customers were impacted by the breach but said it’s contacting approximately 8.2 million current and former customers about the incident.


Hackers Breach MailChimp's Internal Tools to Target Crypto Customers

Permalink - Posted on 2022-04-05 15:00

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. These emails prompted Trezor customers to reset their hardware wallet PINs by downloading malicious software that allowed stealing the stored cryptocurrency. Trezor later shared that MailChimp had been compromised by threat actors targeting the cryptocurrency industry, who conducted the phishing attack.


Ledger Users File a Class-Action Lawsuit Against Shopify Over a Data Breach

Permalink - Posted on 2022-04-05 15:00

The class-action lawsuit was filed at the US District Court of Delaware on April 1. The lawsuit states that Shopify failed to protect the identities of its customers. The plaintiffs hold Shopify and TaskUs, a third-party data consultant, responsible for leaking personally identifiable information (PII) of Ledger customers. The lawsuit further says that Shopify and TaskUs were aware of the data breach for a week before alerting customers. The plaintiffs want Ledger and Shopify to disclose the nature of the leaked information. They also want monetary compensation for the damages. Ledger is added as a defendant in the case, with the plaintiffs saying that the company failed to uphold user security as promised in its marketing. The lawsuit states that Ledger had “initially denied that any compromise of PII had occurred” but later changed the statement and admitted the leak.


Indiana Amends State Data Breach Notification Law

Permalink - Posted on 2022-04-05 15:00

On March 18, 2022, Indiana Governor Eric Holcomb signed into law an amendment to Indiana’s data breach notification statute. The amendment requires notification of a data breach to affected individuals and the Indiana Attorney General without unreasonable delay, but no later than forty-five (45) days after discovery of the breach. The amendment will take effect on July 1, 2022.


The Works Has Been Forced to Close Some Stores Because of a Cyber Attack

Permalink - Posted on 2022-04-05 15:00

A cyber attack has forced arts, crafts, toys, books and stationery retailer The Works to temporarily close several stores, and caused disruption to stock resupplies and delayed deliveries of online orders. The retailer, which has over 500 stores across the UK, says it has been subjected to a "cybersecurity incident involving unauthorised access to its computer systems". As a result of the cyber attack, some stores have been forced to close because of issues with tills, while replenishment of stock has been temporarily suspended. Customers who order items online are experiencing longer waits for their deliveries because of the incident.


49% of Small Medical Practices Don't Have a Cyber Attack Response Plan

Permalink - Posted on 2022-04-05 15:00

Sophisticated cyberattacks are crippling healthcare providers by posing a threat to core functions and patient privacy, according to a Software Advice survey. Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. Small practices risk more significant losses in the event of a cyberattack, often due to lack of training and inadequate security technology. The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and FDA recently urged healthcare providers to prepare for cyberattacks as organized criminals are increasingly targeting healthcare practices. According to the survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally. This increases the risk of security vulnerabilities as hackers can infiltrate healthcare providers remotely using deceptive techniques.


Jail Releases 300 Suspects Due to Computer "Glitch"

Permalink - Posted on 2022-04-04 15:00

A Texas jail has ordered the release of nearly 300 defendants after a computer glitch disrupted processing procedures and probable cause hearings. Harris County jail’s cloud-based computer system known as JWEB was knocked offline for two days due to an issue with a system update. Under state law, defendants charged with misdemeanors may not be held for processing for more than 24 hours. For defendants charged with felonies, the cut-off period for processing is 48 hours. Harris County magistrate Courtney St. Julian said the computer system “was not operational from March 24 at around 7 pm until March 26 at around 9 pm.” Harris County officials reportedly said the system had crashed five times since August and that the same issue with processing had arisen on three previous occasions, none of which were reported to the public. The district attorney’s office requested an extension to processing times, but St. Julian denied the request. The Texan reports that individuals arrested on suspicion of theft, making terrorist threats or indecently exposing themselves were among those released because of the outage. Law enforcement agencies have been told by the district attorney’s office that they will need to refile charges for the released defendants and that some individuals must now be re-arrested.


Scottish Power Parent Company Hit by Data Breach

Permalink - Posted on 2022-04-04 15:00

Spanish energy giant Iberdrola has been hit by a cyber-attack that led to a data breach impacting over one million customers, according to local reports. The Bilbao-headquartered parent company of UK provider Scottish Power and others said the attack occurred on March 15 this year. It reportedly resulted in the theft of customer ID numbers, home and email addresses and phone numbers, but not financial information such as bank account details or credit card numbers. However, that’s still enough information for scammers to craft convincing follow-on attacks to elicit more data, including bank details. Iberdrola reportedly warned customers to be on the lookout for potential phishing attempts seeking financial information and passwords.


Emma Sleep Company Admits Checkout Cyber Attack

Permalink - Posted on 2022-04-04 15:00

Emma Sleep Company has confirmed to The Register that it suffered a Magecart attack which enabled ne'er-do-wells to skim customers' credit or debit card data from its website. Customers were informed of the breach by the mattress maker via email in the past week, with the business saying it was "subject to a cyber attack leading to the theft of personal data" but not specifying in the message when it discovered the digital burglary. "This was a sophisticated, targeted cyber-attack on the checkout process on our website and personal information entered, including credit card data, may have been stolen, whether you completed your purchase or not," the email to customers states. The company confirmed to us it was a Magecart attack via the ubiquitous Adobe Magento e-commerce platform.


Monetary Penalties Issued to Spanish Telecoms Over Failure to Protect Consumers from Sim Swapping

Permalink - Posted on 2022-04-04 15:00

Last year the Spanish DPA tackled sim swapping cases and issued monetary penalties to four telecoms for failure to adequately protect the confidential information of consumers, resulting in loss of service to consumers, but also leaving them victims or potential victims of bank fraud. Four decisions have now been posted on the EDPB website: Spanish SA imposes a fine on Vodafone España, for a loss of confidentiality related to mobile phone sim card duplicate and a lack of accountability: Decision: Imposition of a fine of 3.940.000’00 euros for the violation. The penalty also included a fine for a second finding that they had not implemented an effective GDPR compliance and management model to avoid the risk of identity theft; Spanish SA imposes a fine on Orange Espagne, for a loss of confidentiality related to mobile phone sim card duplicate: Decision: Imposition of a fine of 700,000 euros; Spanish SA imposes a fine on Xfera Móviles, for a loss of confidentiality related to mobile phone sim card duplicate: Decision: Imposition of a fine of 200,000 euros; Spanish SA imposes a fine on Orange España Virtual, for a loss of confidentiality related to mobile phone sim card duplicate: Decision: Imposition of a fine of 70.000 euros.


Spokane Regional Health District Announces Second Phishing Attack in 3 Months

Permalink - Posted on 2022-04-01 17:00

Spokane Regional Health District (SRHD) in Washington has once again fallen victim to a phishing attack. For the second time this year, the health district has announced patient data has potentially been compromised after an employee responded to a phishing email. On March 24, 2022, SRHD announced that its IT department discovered a compromised email account, with the investigation recently confirming that the employee responded to a phishing email on February 24, 2022, and disclosed credentials that allowed the account to be accessed. Last week, SRHD confirmed that the email account contained the protected health information of 1,260 individuals. That information may have been ‘previewed’ by an unauthorized individual, although no evidence was found to suggest information had been accessed or downloaded. Information in the account included names, birth dates, service dates, source of referral, provider hospital name, diagnosing state, whether the patient had been located, date located, patient risk level, staging level, how medications were collected, test type, test result, treatment information, medication information, delivery dates and any treatments provided to the baby, diagnostic information, medical information, and client notes.


SolarWinds Can't Dodge Investor Suit Over Massive Cyber Attack

Permalink - Posted on 2022-04-01 17:00

An Austin-based tech company may be liable to investors after it suffered a major security breach that caused its stock price to plummet, a federal judge ruled. Although that company, SolarWinds, was itself a victim of the breach, the company may have acted recklessly in protecting its software, U.S. District Judge Robert Pitman held late Wednesday. The Barack Obama appointee said SolarWinds may have also misled investors by misrepresenting its cybersecurity efforts. Pitman’s order offered no definitive findings of wrongdoing by SolarWinds. Instead, the judge found investors had made plausible allegations and that claims could proceed against the company, its vice president of security and two top investment firms.


Philippines: Smartmatic Admits Data Leak

Permalink - Posted on 2022-04-01 17:00

The country’s major provider for the upcoming 2022 automated elections has admitted a data leak from its system but assured that it is not related to the polls, Commission on Elections (Comelec) chairperson Saidamen Pangarungan said Friday, April 1, 2022. Pangarungan said that according to the firm's officials, the data leak concerns their internal organization and activities.


LockBit Victim Estimates Cost of Ransomware Attack to be $42 Million

Permalink - Posted on 2022-04-01 16:00

Atento, a provider of customer relationship management (CRM) services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year. More specifically, the disruption caused by the cyberattack affected the company's Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident. These costs include fees related to bolstering security, protecting data, timely threat detection, and implementing effective remediation measures.


Automaker Cyber Security Lagging Behind Technology Adoption

Permalink - Posted on 2022-03-31 16:00

A pair of recent vulnerabilities found in the automaker ecosystem might not seem like a real danger taken separately. But experts warn a lack of attention on cybersecurity could plague “smart” car and electric vehicle systems — and users — in years to come, as the use of automotive technology continues to explode. One bug was recently found in the communications between the remote keyless entry function on Honda and Acura cars. Easily intercepted radio signals from the wireless entry key fob on almost any Honda and Acura vehicle could allow a threat actor to lock and unlock, and even start the car, according to a new disclosure from a pair of researchers.


CSI Laboratories and Christie Clinic Report Data Breaches

Permalink - Posted on 2022-03-31 16:00

Cytometry Specialists, Inc. doing business as CSI Laboratories in Alpharetta, GA, has recently announced it was the victim of a cyberattack that was discovered on February 12, 2022. An investigation was launched which confirmed that files containing limited patient data were exfiltrated from its systems, which mostly contained patient names and case numbers used for identifying patients, but for limited patients also included addresses, dates of birth, medical record numbers, and health insurance information. CSI Laboratories said in its web notification that at this stage of the investigation there does not appear to have been any misuse of patient data. While CSI Laboratories did not disclose the nature of the cyberattack, the Conti ransomware gang has claimed responsibility and has published a sample of the exfiltrated data on its data leak site. CSI Laboratories said it has now brought its system back online and it is monitoring its network closely for unusual activity. There was no mention made about any ransom being paid. The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.


Hive Claims Partnership HealthPlan of California as a Victim

Permalink - Posted on 2022-03-31 16:00

Partnership HealthPlan of California recently became aware of anomalous activity on certain computer systems within its network. We are working diligently with third-party forensic specialists to investigate this disruption, safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation. Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines. We appreciate your patience and understanding and apologize for any inconvenience.


Australia's Second Tranche of Cyber Laws Passes Both Houses

Permalink - Posted on 2022-03-31 16:00

Critical infrastructure entities will now be required to maintain a risk management program, which Home Affairs has said, on average, will cost organisations a one-off AU$9.7 million for setting it up and an annual ongoing cost of AU$3.7 million. Along with enhanced cybersecurity obligations, the critical infrastructure reforms will require critical infrastructure entities to maintain a risk management program for identifying hazards to critical infrastructure assets and the likelihood of them occurring. In addition, entities will have to submit an annual report about the risk management program and if any hazards had a significant impact on critical infrastructure assets.


Globant Admits to Data Breach After Lapsus$ Releases Source Code

Permalink - Posted on 2022-03-31 16:00

Globant has admitted to a data breach after notorious hacking group Lapsus$ allegedly leaked the firm's source code. Globant is an IT and software development giant. Founded in 2003, the company caters to a global customer base and operates Globant X, an innovation incubator. On March 30, Lapsus$ came back from a 'vacation' with a new victim pinned in the hacking group's Telegram chat: Globant. The cybercriminals are alleged to have compromised the tech giant's system, stealing credentials and intellectual property. Lapsus$ then published a torrent containing approximately 70GB of data, allegedly including source code belonging to their latest victim.


Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Permalink - Posted on 2022-03-30 17:00

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order. Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests. Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.


Canada: Newfoundland Cyber Attack Wrecks Medical System

Permalink - Posted on 2022-03-30 17:00

The investigation into the cyberattack on Newfoundland and Labrador's health-care system in October has revealed more data was stolen than originally thought, says the provincial government. According to Eastern Health CEO David Diamond, the provincial government learned Feb. 25 that thieves had taken more information than they had previously reported. But that didn't become public until a media briefing Wednesday morning, when Diamond said more than 200,000 files were taken from an Eastern Health network drive that might contain patient and employee information dating as far back as 1996. Initial reports indicated the breach on Eastern Health employee data reached back as far as 2008.


A Third of U.K. Businesses Experience Cyber Attacks at Least Once a Week

Permalink - Posted on 2022-03-30 17:00

Around a third (31%) of businesses experience cyber-attacks or breaches at least once a week, according to new figures published in the UK government’s Cyber Security Breaches Survey 2022 report. Over a quarter (26%) of charities also reported being hit by attacks at least once a week, and the government is urging all organizations to strengthen their cybersecurity practices in response to the growing threat landscape. The annual survey of UK businesses, charities and education institutions found that around two in five (39%) companies and roughly a third (30%) of charities experienced breaches or attacks in the past 12 months. This is a similar proportion to that reported in last year’s survey. One in five businesses (20%) and charities (19%) admitted they experienced a negative outcome as a direct consequence of a cyber-attack. Of the 39% of businesses that identified attacks, by far the most common threat vector was phishing (83%). Around one in five (21%) of these firms identified more sophisticated attack types like denial of service, malware or ransomware. The average estimated cost of all cyber-attacks was £4200 in the past 12 months. However, for medium and large firms, this cost surged to £19,400. Encouragingly, the report revealed that UK organizations are placing increased attention on the security of supply chains and digital services following numerous high-profile incidents in the past year, such as the Kaseya and Colonial Pipeline attacks. For example, 82% of senior managers now view cybersecurity as a ‘very high’ or ‘fairly high’ priority, significantly up from 77% in 2021. However, while two in five (40%) of businesses and a third (32%) of charities use at least one managed service provider, just 13% of companies reviewed the risks posed by immediate suppliers. The report also found that under a fifth (19%) of businesses have a formal incident response plan, while 39% have assigned roles should an incident occur.


Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members

Permalink - Posted on 2022-03-30 17:00

Law Enforcement Health Benefits, Inc. (LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. External cybersecurity professionals were engaged to assist with the investigation and remediation efforts, and a manual review of files on the affected parts of the network was conducted. That process concluded on February 25, 2022, when it was confirmed that files containing the personal and protected health information of plan members had been exfiltrated from its network. LEHB said the following types of information had been compromised: names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, medical record numbers, patient account numbers, and diagnosis/treatment information.


LAPSUS$ Claims to Have Breached IT Firm Globant; Leaks 70GB of Data

Permalink - Posted on 2022-03-30 17:00

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has around 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps infrastructure. The screenshots depict a folder listing for what appears to be different companies from across the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, Stifel, among others. Also shared is a torrent file purported to contain around 70GB of Globant's source code as well as administrator passwords associated with the firm's Atlassian suite, including Confluence and Jira, and the Crucible code review tool.


Shutterfly Discloses Data Breach After Conti Ransomware Attack

Permalink - Posted on 2022-03-30 17:00

Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Today, Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a ransomware attack. During ransomware attacks, threat actors will gain access to a corporate network and steal data and files as they spread throughout the system. Once they gain access to a Windows domain controller, and after harvesting all valuable data, they deploy their ransomware to encrypt all network devices. According to Shutterfly's data breach notification, the Conti threat actor deployed the ransomware on December 13th, 2021, when the company first became aware that they were compromised.


Cyber Extortion Surges 78% as Ransomware as a Service Spreads

Permalink - Posted on 2022-03-30 17:00

CFOs and their C-suite colleagues last year faced a record onslaught of cybercrime, according to the FBI. Ransomware, "business email compromise" schemes and the criminal use of cryptocurrency were the leading causes of internet crime complaints to the FBI last year, pushing up reported abuses 7% compared with 2020 to a record 847,376. Potential losses exceeded $6.9 billion, the FBI said in a report. "Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication," the FBI said. The frequency of ransomware attacks has increased "exponentially" in recent decades, in part because of the rise of cryptocurrencies, according to the Senate Committee on Homeland Security and Governmental Affairs. It cited estimates by a cybersecurity company that there were 623 million such attacks worldwide in 2021. U.S. companies last year were the No. 1 target of ransomware hackers, facing 421 million attempted breaches, an increase of 98% compared with 2020, the Senate committee said in a report.


Network Cavity Blamed for Data Breach at Japanese Candy Maker Morinaga

Permalink - Posted on 2022-03-30 17:00

Japanese confectionery manufacturer Morinaga has warned that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers. Potentially exposed information includes the names, addresses, telephone numbers, dates of birth, purchase histories, and, in fewer than 4,000 instances, email addresses of affected Morinaga Direct customers. The firm fears that attackers accessed several servers managed by the vendor after exploiting vulnerabilities in its network.


Security Incidents Reported to FCA Surge 52% in 2021

Permalink - Posted on 2022-03-29 16:00

The number of cybersecurity incidents reported to the UK’s financial regulator surged by over 50% last year after a significant increase in cyber-attacks, according to new figures from Picus Security. The security vendor submitted Freedom of Information (FoI) requests to the Financial Conduct Authority (FCA) to compile its latest report, Cybersecurity Incidents in the UK Financial Sector. The 52% year-on-year increase in “material” security incidents reported to the FCA seems to have been driven by cyber-attacks, which comprised nearly two-thirds (65%) of these reports. Picus Security claimed that the rest are likely explained by “system and process failures and employee errors.” In addition, a third of incident reports were about corporate or personal data breaches, and a fifth involved ransomware. Picus Security explained that to qualify as a material incident, there needs to have been a significant loss of data, operational IT outages, unauthorized IT access, and/or an impact on a large number of customers. The FCA fielded a total of 116 such reports in 2021, up from 76 in 2020 and 106 in 2019.


Dental Practice Fined for Sharing Patient Data on Social Media

Permalink - Posted on 2022-03-29 16:00

A dental practice in North Carolina has been slapped with a hefty fine after disclosing a patient’s protected health information (PHI) online. The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) launched an investigation into Dr. U. Phillip Igbinadolor, DMD. & Associates, PA, (UPI), in 2015 after receiving a complaint from a male patient. The patient visited UPI’s office in Charlotte for dental treatment twice between October 2013 and March 2014. On or around September 28 2015, the patient left a negative review of UPI on the dental practice’s Google page, using a pseudonym to mask his identity. UPI posted a response to the review, dismissing the patient’s accusations as “unsubstantiated accusations.” When posting the response, the dental practice named the patient, the symptoms the patient had experienced and the treatment recommended but not provided to him. The response, which included three mentions of the patient’s full name, also featured the condescending and derogatory statement: “From the foregoing, it’s obvious that [Complainant’s full name] level of intelligence is in question and he should continue with his manual work and not expose himself to ridicule.”


82% of Public Sector Applications Contain Security Flaws

Permalink - Posted on 2022-03-29 16:00

More than four-fifths (82%) of public sector applications have security flaws, the highest proportion of any industry, according to a new study from Veracode. The researchers also found that the public sector takes around twice as long to fix flaws once detected compared to other industries. In addition, 60% of flaws in third-party libraries in the public sector remain unfixed after two years. This is double the time frame of other industries and 15 months behind the cross-industry average. The report was based on an analysis of data collected from 20 million scans across half a million applications in the public sector, manufacturing, financial services, retail & hospitality, healthcare and technology. The public sector also had the joint lowest vulnerability fix rate of all industries, at 22%. The researchers said the findings suggest that public sector entities are particularly vulnerable to software supply chain attacks like SolarWinds and Kaseya, leading to huge disruptions and compromising critical data. Encouragingly, the report did find public sector organizations have made significant improvements in tackling high severity flaws. According to the analysis, high-level flaws only appear in 16% of public sector applications and the total number has decreased by 30% in the past year. The researchers believe this suggests new government cybersecurity initiatives, such as US President Joe Biden’s executive order last year mandating cybersecurity practices, such as zero trust, and the UK government’s recent cybersecurity strategy, which focuses on enhancing the security of the nation’s public services, are having a positive impact.


Payments to Begin for UPMC Employees Who Fell Victim to Data Breach

Permalink - Posted on 2022-03-29 16:00

UPMC on Thursday will begin making payments to 66,000 employees who were victims of a 2014 data breach — as part of a settlement approved late last year. Employees were notified via an email on Monday that they will receive a payment notification with a link to claim it electronically. They are expected to receive between $10 and $20. UPMC did not immediately respond to a request for comment. Several employees filed a class-action lawsuit against UPMC in February 2014 after they learned that the health care giant’s payroll system had been breached and their personal data stolen. They alleged negligence and breach of contract, claiming that UPMC had a duty to protect the information. A federal investigation showed that Justin Sean Johnson, an expert in the PeopleSoft software used by UPMC, was able to hack their employee database. He took the employees’ personal information and sold it on the dark web. Ultimately, according to the U.S. Attorney’s office, hundreds of false tax returns, totaling more than $1.7 million, were filed based on the breach.


Network Cavity Blamed for Data Breach at Japanese Candy Maker Morinaga

Permalink - Posted on 2022-03-29 17:00

Japanese confectionery manufacturer Morinaga has warned that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers. Potentially exposed information includes the names, addresses, telephone numbers, dates of birth, purchase histories, and, in fewer than 4,000 instances, email addresses of affected Morinaga Direct customers. The firm fears that attackers accessed several servers managed by the vendor after exploiting vulnerabilities in its network.


Axie Infinity's Ronin Bridge Hacked for Over $600 Million

Permalink - Posted on 2022-03-29 16:00

According to Axie Infinity's official Discord and Ronin Network's official Twitter thread, along with its Substack page, the Ronin bridge and Katana Dex have been halted after suffering an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), worth a combined $612 million at Tuesday's prices. In a statement, its developers said they are "currently working with law enforcement officials, forensic cryptographers and our investors to make sure that all funds are recovered or reimbursed." As told by Ronin developers, the attacker used hacked private keys in order to forge fake withdrawals, draining the funds from the Ronin bridge in just two transactions. More importantly, the hack occurred on March 23 but was only discovered on Tuesday after a user allegedly uncovered issues after failing to withdraw 5,000 in ETH from the Ronin bridge. At the time of publication, RON, Ronin's primary governance token, has fallen nearly 20% to $1.88 in the past hour.


Ransomware Payments: Here's How Much Falling Victim Will Now Cost

Permalink - Posted on 2022-03-28 17:00

The average ransom demand made following a ransomware attack has risen to $2.2 million as cyber criminals are becoming bolder and have a bigger impact on the businesses they're targeting. The amount ransomware attackers are demanding has more than doubled since 2020, when the average ransom demand for a decryption key stood at $900,000. The figures come from cybersecurity researchers at Palo Alto Networks, who analyzed ransomware incident response cases they were involved in during 2021. While the final ransom payments are often much less than the initial ransom demands, they've also risen significantly in recent years. During 2020, the average ransom paid was just over $300,000, which rose to $541,000 in 2021. Analysis of incidents suggests that for those businesses which paid a ransom when the attackers initially demanded over $3 million, the average amount paid was 43% of the ransom demand – but some cyber criminals managed to blackmail victims into paying almost the full amount they first asked for.


Washington Health District Suffers Another Data Breach

Permalink - Posted on 2022-03-28 17:00

A Health District in the State of Washington has made its second data breach announcement of 2022. Both data breaches at the Spokane Regional Health District (SRHD) occurred when employees fell victim to phishing attacks. On January 24, the district confirmed that personal data may have been compromised when an unauthorized individual compromised an employee's email account on December 21 2021. An internal investigation concluded that while no documents appeared to have been opened, accessed, or downloaded, the attacker may have 'previewed' clients' protected health information (PHI). The potential disclosure may have affected 1,058 individuals and involved data including names, dates of birth, case numbers, counselor's names, test results and dates of urinalysis, medication received and date of last dose. In a written statement issued in January, SRHD deputy administrative officer Lola Phillips said that the district had secured the email account and reinforced "cybersecurity training with staff that contains the use of multi-factor authentication and performing additional testing on the system." Despite these efforts, SRHD recently reported a second data breach caused by the opening of a phishing email by a district employee on February 24. This latest breach may have exposed the information of 1,260 individuals from two unidentified departments in the district. Information which may have been involved in the second breach includes names, dates of birth, phone numbers, medications, medical conditions and test results.


Oklahoma City Indian Clinic Impacted by Suncrypt's Ransomware Attack

Permalink - Posted on 2022-03-28 17:00

The Oklahoma City Indian Clinic (OKCIC) serves 20,000 patients from more than 200 different Native American tribes. A note on their website and their Twitter account currently apologizes that due to technological issues. The explanation for the “technological issues” appears to be a ransomware attack by Suncrypt, who have added the clinic to their dedicated leak site. Suncrypt claims that they have acquired 350GB+ of files including electronic health records databases and financial documents.


Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool

Permalink - Posted on 2022-03-28 17:00

Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy. This certificate is now expired but we see evidence it was in use with this malware in June 2020.


Ransomware Attacks Soar by 100% in 2021

Permalink - Posted on 2022-03-28 17:00

The number of ransomware attacks reported to the UK’s data protection regulator more than doubled between 2020 and 2021 as the pandemic raged, according to a new analysis. The study from international law firm RPC found that the number of incidents handled by the Information Commissioner’s Office (ICO) rose from 326 in 2020 to 654 in 2021. The verticals most frequently impacted by attacks in 2021 were: finance, insurance and credit (103), and education and childcare (80). Organizations that handle sensitive financial data are most at risk of being singled out by ransomware threat actors, RPC warned.


Horizon Actuarial Services Reports Data Theft and Extortion Incident

Permalink - Posted on 2022-03-28 17:00

Horizon Actuarial Services (HAS) has recently announced a security breach and the theft of the personal data of members of benefits plans to whom it provides technical and actuarial consulting services, including the Local 295 IBT Employer Group Welfare Fund and the Major League Baseball Players Benefit Plan. HAS said it received an email on November 12, 2021, from a cyber actor who claimed to have stolen the personal data of plan members from its computer servers. Steps were immediately taken to secure its servers to prevent any further unauthorized access, and a computer forensics firm was engaged to investigate the potential security breach and determine the legitimacy of the email. HAS confirmed that two servers had been accessed between November 10 and 11, 2021, and files containing names, dates of birth, Social Security numbers, and health plan information had been stolen. HAS said it negotiated with the cyber actors and made a payment in exchange for an agreement that the stolen data would be deleted and would not be distributed or misused.


New York: Data of More Than 800,000 NYC Public School Students Compromised in Data Hack

Permalink - Posted on 2022-03-28 17:00

In what may be the largest breach of student data in U.S. history, personal information for roughly 820,000 current and former New York City public school students has been compromised, NBC New York has confirmed. According to the city's Department of Education, the breach occurred in January when an online grading system and attendance system used by many public schools was hacked. Education officials blasted Illuminate Education, the California-based company behind the system, claiming it fudged its cybersecurity protocols. The company has not disclosed what, if anything, had been done with the data. The Department of Education is asking the NYPD, FBI and state attorney general's office to investigate the hack.


Cyber Criminals Launched 9.75 Million DDoS Attacks in 2021

Permalink - Posted on 2022-03-28 17:00

During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.


Texas: Val Verde Regional Medical Center Patient Data Dumped by LockBit

Permalink - Posted on 2022-03-25 19:00

Val Verde Regional Medical Center (VVRMC) appears to have been the victim of a ransomware attack involving LockBit. According to LockBit, Val Verde Memorial Hospital was compromised and 96,000 patient records were exfiltrated. The listing was added to the leak site on March 16, with LockBit noting that the patient records had the following table format: PatientID|AccountNo|MRN|FirstName|MiddleName|LastName|Email|Address1|Address2|City|State|Phone|Mobile|Pager|Zip|DOB|SSN|Gender|Status|Type|Emp Name|Emp Addr 1|Emp Addr 2|Emp City|Emp State|Emp Zip|Emp Phone|PCP|Marital|GuarantorName|GuarantorDOB|Guarantor Relation|ReferringDR|RenderingDR|Notes - The March 16 listing provided examples of patient records.


Hong Kong Electoral Office Sends Details of 15,000 Voters to Random Email

Permalink - Posted on 2022-03-25 19:00

Hong Kong’s electoral office has apologised after an employee failed to follow guidelines and sent the personal details of about 15,000 voters to a random email address. The Registration and Electoral Office (REO) on Friday said the staff member intended to send files containing electors’ particulars to her personal email address on March 23. An investigation found she typed in an incorrect email address and sent the data to the unknown recipient.


Indiana Amends Breach Notification Law to Require Notification Within 45 Days

Permalink - Posted on 2022-03-25 19:00

Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the computer system; (2) necessary to discover the scope of the breach; or (3) in response to a request from the attorney general or a law enforcement agency to delay disclosure because disclosure will: (A) impede a criminal or civil investigation; or (B) jeopardize national security.” Ind. Code § 24-4.9-3-3 (2022)


Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Permalink - Posted on 2022-03-25 19:00

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets to reveal or hand over sensitive information such as banking or login credentials. The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info. After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.


IT outage at Scotland's Heriot-Watt University Enters Second Week

Permalink - Posted on 2022-03-25 19:00

Edinburgh's Heriot-Watt University has entered a second week of woe following a visit by an infosec nasty. The 200-year-old institution's IT team first referred to the crisis as a "security incident" but a spokesperson confirmed to The Register that it was a cyber attack. A week on, things remain resolutely broken. VPN? Down. Oracle R12 Finance System? Down. Staff shared areas? Down. Even staff and student directories remain unavailable, hinting at some severe trouble within the university's on-premises infrastructure.


Scripps Health Faces Lawsuit Over Kronos Data Breach

Permalink - Posted on 2022-03-25 19:00

Employees proposed a class-action lawsuit against Scripps Health, alleging that the San Diego health system failed to accurately log employee hours in the aftermath of the Kronos data breach in December. On March 15, NBC San Diego reported that Scripps Health nurses were finally receiving checks for overtime hours worked months ago. The report said that it would be months before the employees would be paid in full for hours they worked in December and January. Kronos, an HR management solutions provider, fell victim to a ransomware attack on December 11 that impacted Kronos Private Cloud customers across multiple industries. UMass Memorial Health, Allegheny Health Network, Care New England, Ascension St. Vincent Hospital, and many other healthcare organizations found themselves implicated in the breach.


Lawsuit Claims Kronos Breach Exposed Data for Millions

Permalink - Posted on 2022-03-25 19:00

A class-action lawsuit against Ultimate Kronos Group claimed the company's recent ransomware attack exposed the personal data of millions of customer employees. The lawsuit against UKG, which was filed on March 4, slammed the payroll service provider for its response to a ransomware attack in December. The attack disrupted the Kronos Private Cloud and knocked client payroll systems and other services offline for an extended period of time. At the time of the attack, UKG informed customers that they may have had data exposed by the incident but could not yet confirm the extent. In some cases, it was weeks or months before victims knew if their information was secure.


Investment Fraud Surges as Cyber Crime Losses Hit $7 Billion in 2021

Permalink - Posted on 2022-03-24 16:00

Cybercrime cases reported to the FBI last year racked up nearly $7bn in losses in 2021, with business email compromise (BEC) still by far the biggest money-maker for criminals. The FBI’s latest Internet Crime Report for last year was compiled from cases reported to its Internet Crime Complaint Center (IC3) over the period. It found BEC cost victims nearly $2.4bn, up from last year’s $1.9bn but a smaller share of the total $6.9bn in losses in 2021. While BEC now represents around a third of total losses, down from nearly half, investment fraud has surged into second place with victim losses of almost $1.5bn last year, around a fifth of the total. This is up significantly from the $336m lost to these scams in 2020, which represented just 8% of total cybercrime losses that year. It also saw investment fraud leapfrog romance scams, which made around $956m for criminals in 2021.


Ransomware Payments Hit Record Highs in 2021

Permalink - Posted on 2022-03-24 16:00

Ransomware payments hit record highs last year, while related data leaks and ransom demands also surged, according to Palo Alto Networks. The security vendor compiled the stats from cases worked on by its Unit 42 security consulting business. Its 2022 Unit 42 Ransomware Threat Report published today claimed the average ransomware payment rose 78% year-on-year in 2021 to reach a record $541,010. Average ransom demands soared by 144% to reach $2.2m. The prolific Conti group was responsible for most of the cases Unit 42 worked on last year, roughly a fifth of the total, followed by REvil, Hello Kitty and Phobos. Conti was also the biggest leaker of stolen data, posting the names of 511 organizations on its dark web site. This helped to drive posts on name-and-shame sites by 85% year-on-year in 2021, according to the report.


Patient Data Stolen in July 2021 Cyberattack on Chelan Douglas Health District

Permalink - Posted on 2022-03-24 16:00

Chelan Douglas Health District in East Wenatchee, WA, has announced it was the victim of a cyberattack in July 2021 in which the personal and protected health information of patients was exfiltrated from its systems. The breach notice uploaded to the Chelan Douglas Health District website does not disclose when the breach was detected but says a third-party cybersecurity company was engaged to investigate the cyberattack and confirmed that its network was accessed by unauthorized individuals between July 2 and July 4, 2021. A representative for the health district said this was not a ransomware attack. The review of the files that were removed from its systems was completed on February 12, 2022, and confirmed the following types of patient data had been stolen: names, Social Security numbers, dates of birth/death, financial account information, treatment information, diagnosis information, medical record/patient numbers, and health insurance policy information.


Cyber Attacks from Chinese IPs Surge During Ukraine Invasion

Permalink - Posted on 2022-03-24 16:00

Check Point Research (CPR), the research wing of the cybersecurity software firm Check Point, has observed an increase in cyberattacks aimed at NATO countries. Examining the trend before and after Russia’s invasion of Ukraine, it was found that cyberattacks from Chinese IP addresses jumped by 116 per cent on NATO countries and 72 per cent worldwide last week, in comparison to the figure before the conflict. CPR could not attribute the attacks to Chinese entities, but it has indicated it is likely that hackers within China and abroad are increasingly using Chinese IPs to launch cyberattacks after the beginning of the Russia-Ukraine conflict. According to CPR, worldwide attacks from Chinese IPs are increasing steadily, with attacks increasing 60 per cent last week compared to the first three weeks of the conflict. The same is true for attacks on NATO countries with Chinese IPs carrying out 86 per cent higher attacks last week.


Okta Revises LAPSUS$ Impact Upwards to Potentially 2.5% of Customers

Permalink - Posted on 2022-03-23 16:00

Okta has again updated its blog post related to the LAPSUS$ intrusion from January first revealed by the hacking gang on Tuesday. "After a thorough analysis of these claims, we have concluded that a small percentage of customers -- approximately 2.5% -- have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly," Okta CSO David Bradbury said. "If you are an Okta customer and were impacted, we have already reached out directly by email." Earlier this month in its fourth-quarter results, the company said it had 15,000 customers, of which 2.5% is 375.


Fastest Ransomware Encrypts 100,000 Files in Four Minutes

Permalink - Posted on 2022-03-23 16:00

Network defenders have just 43 minutes to mitigate ransomware attacks once encryption has begun, a new study from Splunk has warned. The security monitoring and data analytics vendor evaluated the speed at which 10 ransomware variants encrypt data to compile its report, An Empirically Comparative Analysis of Ransomware Binaries. Using a controlled Splunk Attack Range lab environment, the firm executed 10 samples of each of the 10 variants on four hosts – two running Windows 10 and the other two running Windows Server 2019. It then measured the speed at which the ransomware encrypted nearly 100,000 files, totaling almost 53GB. LockBit came out fastest, with speeds 86% faster than the median of 43 minutes. The fastest LockBit sample encrypted 25,000 files per minute.


Background Check Company Sued Over Data Breach

Permalink - Posted on 2022-03-22 18:00

Four parallel data breach lawsuits have been filed against a 45-year-old background check services company based in Massachusetts. Creative Services, Inc. (CSI), located in Mansfield, provides background screening, drug testing and security consulting services to employers, institutions and governments in the United States and overseas. According to an official filing by the company, on November 26 2021, CSI detected suspicious activity on its computer systems. The company then learned that an unauthorized individual had gained access to the company’s network and may have copied certain files dating from November 2018 to November 2021. By the end of January 2022, an investigation into the activity had revealed that personal identifying information (PII) belonging to CSI’s clients had been compromised in the security incident. Data impacted by the incident included names, dates of birth, financial account numbers, Social Security numbers and driver’s license numbers. In February 2022, CSI began mailing out data breach notification letters to individuals whose information was contained in the breached files. As many as 164,673 individuals may have been impacted by the breach.


Japanese Medical Online Consultation Site Leaking Consumer-Submitted Images of Symptoms

Permalink - Posted on 2022-03-22 18:00

After multiple unsuccessful attempts to get a popular Japanese medical online consultation site to secure a misconfigured bucket, researchers at SafetyDetectives have decided to publicly disclose the leak. Doctors Me provides customers with on-demand access to professional medical advice. People can sign up for a monthly unlimited access plan (for less than $3.00 per month) or a per consultation plan with specified experts. The patients can use the service anonymously, but in uploading pictures or details about themselves or their children, they may reveal identifying information. Some of the image files reportedly provide sufficient views to be able to identify some patients or children. When first discovered, the misconfigured bucket contained more than 300,000 image files. SafetyDetectives could not provide a firm count of how many unique consumers had personal information exposed, but estimate that there are at least 12,000 unique individuals represented. The misconfigured bucket was discovered on November 11, 2021. SafetyDetectives notified Doctors Me the same day and sent a follow-up message to the firm and the Japanese Computer Emergency Response Team (CERT) on November 21. On November 25, they sent a second notice to CERT and also contacted Amazon AWS. On December 15 and January 10, they sent more notifications to Japanese CERT. On January 11, CERT informed SafetyDetectives that they contacted Amazon AWS. Despite SafetyDetectives’ efforts, the bucket still has not been secured. Although Amazon will reach out to let their customers know if they receive reports of unsecured buckets, the responsibility to secure the bucket remains with the customer. SafetyDetectives could not determine when the bucket was first exposed. Nor could it determine how many individuals or scrapers might have accessed the exposed files. The oldest file in the bucket reportedly dates to 2015, and the bucket was still being updated at the time of discovery. 
A spokesperson for SafetyDetectives informed DataBreaches.net that they never received any response at all from Doctors Me.


Missouri: KOAM Obtains Document Detailing Cost of City of Joplin Data Breach

Permalink - Posted on 2022-03-22 18:00

Eight months ago the City of Joplin fell victim to a data breach. Now, we’re learning what the cost of that breach was. In July of last year, the City of Joplin had what they called a “network security incident”. It ultimately shut down city phones, online services, and someone outside managed to take files out of the city’s network. That impacted employees, as some employer-sponsored health plan files were taken, and some residents were affected as well, as sewer bill files were also impacted. Ultimately, a security firm was hired to solve the problem, and a ransom was paid. The City did not disclose those costs. Earlier this year, we took a look at budget amendments passed by council following the data breach. One amendment had an unusually high amount for the city’s “General Liability Insurance Fund.” KOAM requested documents related to that fund and those documents disclosed the cost of the breach. The city paid a ransom of just over $338,000 via a wire transfer service. That’s where the city’s General Liability Insurance Fund comes in, as it covers just over $313,000 of that cost with a $25,000 deductible. While that cost is covered by insurance, there are four firms that were paid for services related to the data breach, which, according to the document obtained by KOAM, are not covered by insurance. Stronghold Data, BakerHostetler, TracePoint, and E.S.R.I. all received payments from the city related to the breach. Those costs total an additional $322,000. We reached out to the city regarding those costs and how they were paid. We had additional questions regarding the data breach, but the city declined to answer our questions. However, based on the document KOAM received, there’s $322,000 of taxpayer money that was spent for the data breach that’s not accounted for by insurance. The total cost of the breach was more than $635,000.


APAC Firms See Need to Train Staff in Digital Skills, But Few Actually Do So

Permalink - Posted on 2022-03-22 19:00

Some 97% of organisations across seven Asia-Pacific markets, including Singapore and Australia, recognise the need to train their employees in digital skillsets, with cloud and cybersecurity the top-most in demand, but just 29% have implemented plans to do so.


Scottish Mental Health Charity Devastated by Heartless RansomEXX Ransomware Attack

Permalink - Posted on 2022-03-22 18:00

Scottish mental health charity SAMH has announced that it has been left "devastated" by a ransomware attack that has seen personal information spilled out onto the net. The RansomEXX ransomware gang has seen fit to publish on the dark web 12GB of data stolen from the Scottish charity, including unredacted photographs of individuals' driving licences, passports, personal information such as volunteers' home addresses and phone numbers, and - in some cases - even passwords and credit card details.


Greece's Public Postal Service Offline Due to Ransomware Attack

Permalink - Posted on 2022-03-22 18:00

ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident detected on Sunday that is still keeping most of the organization's services offline. An initial statement about the attack came on Monday, when ELTA announced the cause of a service disruption, claiming that its immediate response and isolation of the entire data center has helped mitigate the impact. In a new announcement today, the organization has shared more details about the incident and updated its customers about the extent of the service outages. More specifically, its IT teams have determined that the threat actors exploited an unpatched vulnerability to drop malware that allowed access to one workstation using an HTTPS reverse shell.


Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack

Permalink - Posted on 2022-03-22 18:00

Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service. The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack. According to the agency, the reason behind the attack appears to be sabotage and not financial, since Miratorg is one of Russia's largest food suppliers. The point of compromise was VetIS, a state information system used by veterinary services and companies engaging in the field, making it likely a supply chain compromise, although more clarification is needed in this regard.


Okta Investigating Claims of Customer Data Breach from Lapsus$ Group

Permalink - Posted on 2022-03-22 18:00

Okta, a leading provider of authentication services and identity and access management (IAM) solutions, says it is investigating claims of a data breach. On Tuesday, data extortion group Lapsus$ posted screenshots in their Telegram channel of what it alleges to be access to Okta's backend administrative consoles and customer data. Screenshots shared by Lapsus$, as seen by BleepingComputer, show the system date set to January 21st, 2022, indicating the hack may have occurred months ago. One of the screenshots displaying Lapsus$' 'superuser' access to Okta's admin console also includes a URL with an email belonging to an Okta customer support representative who was likely compromised.


Federal Government Investigating Over 2 Dozen Medical Data Breaches in the Carolinas

Permalink - Posted on 2022-03-22 18:00

Patients have put their trust in hospitals, health plans and medical providers throughout the pandemic, but as medical professionals worked tirelessly to save lives, the health care industry could not stop hackers from causing a record number of security breaches, not just jeopardizing medical data, but personal and financial information too, a WCNC Charlotte analysis of federal data revealed. U.S. Department of Health and Human Services records show health care companies in North Carolina and South Carolina have reported 47 large breaches of unsecured protected health information impacting more than 1.4 million people since 2020. The Office for Civil Rights is currently investigating 26 of those breaches, according to federal data. Most were the result of hackers/IT incidents, but there were cases of unauthorized access and one of theft, public records reveal. "That's a very big number," UNC Charlotte Professor of Software Information Systems Dr. Mohamed Shehab said of the number of people impacted. "It's shocking."


JDC Healthcare Management Data Breach Affects More Than 1 Million Texans

Permalink - Posted on 2022-03-21 18:00

On March 17, 2022, Dallas, TX-based JDC Healthcare Management, which runs more than 70 Jefferson Dental & Orthodontics practices throughout the state of Texas, reported a security breach to the Office of the Attorney General of Texas that has affected more than 1 million Texans. As previously reported on this site, JDC Healthcare Management detected malware within its IT network on or around August 9, 2021, with the forensic investigation into the security breach confirming the malware was downloaded onto its systems on July 27, 2021. Further information on the data breach has now been obtained. JDC Healthcare Management explained that the malware gave unauthorized individuals access to its IT systems from July 27, 2021, to August 16, 2021, and its forensic investigation confirmed the attackers viewed or copied files on its systems that contained patients’ electronic protected health information (ePHI). JDC Healthcare Management explained in its March 2022 breach notification letters that the comprehensive review of the impacted files is ongoing, but it has been confirmed that the types of exposed and compromised ePHI included names, dates of birth, Social Security numbers, driver’s license numbers, financial information, health insurance information, and medical information.


NFT Fraud in the U.K. Soars 400% in 2021

Permalink - Posted on 2022-03-21 18:00

Reports of fraud related to Non-Fungible Tokens (NFTs) have risen by triple digits between 2020 and 2021, albeit from a low base, according to data seen by law firm Pinsent Masons. The multi-national legal practice claimed today that while reporting figures were still only in double figures last year, the actual number for NFT fraud is likely to be much higher as inexperienced investors are drawn to the fast-growing market. NFTs are unique blockchain records that can be minted and sold by digital content creators as proof of ownership. Hinesh Shah, senior associate forensic accountant and financial crime investigator at Pinsent Masons, argued that fraud would continue to surge in the space this year.


Britain: Over 40,000 London Voters Have Data Leaked to Strangers

Permalink - Posted on 2022-03-21 18:00

Tens of thousands of London residents have had their personal details accidentally leaked by their council after emails were sent to the wrong recipients. The electoral services department of Wandsworth Council in the south-west of the capital sent out the routine emails to registered voters at the end of last week. They were intended to clarify changes to electoral ward boundaries ahead of upcoming local elections. However, 43,000 voters – representing around 13% of local residents – received names, addresses and voting instructions for people other than those in their household.


Payment Fraud Attack Rate Across Fintech Ballooned 70% in 2021

Permalink - Posted on 2022-03-21 18:00

Sift released a report, detailing the increasingly sophisticated — and often automated — tactics cybercriminals leverage to commit payment fraud. Derived from a global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate across fintech ballooned 70% in 2021—making it the highest increase across any vertical in the network. The increase in payment fraud also correlated with massive 121% growth in fintech transaction volumes on Sift’s network year-over-year, making this sector an attractive target for cybercriminals. According to this analysis, these rising attacks were aimed primarily at alternative payments like digital wallets, which saw a 200% increase in payment fraud, along with payments service providers (+169%), and cryptocurrency exchanges (+140%). These abuse tactics were aimed at buy now/pay later (BNPL) services, which saw a 54% year-over-year uptick in fraud attack rates. In late 2021, Sift’s Trust and Safety Architects discovered a growing number of fraud schemes on Telegram offering unlimited access to BNPL accounts through fake credit card numbers and compromised email addresses—showcasing the array of methods actors in the Fraud Economy are using to target the entire fintech sector.


HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle

Permalink - Posted on 2022-03-21 18:00

A data breach at HubSpot, a tool used by many companies to manage marketing campaigns and on-board new users, has affected BlockFi, Swan Bitcoin, NYDIG and Circle. HubSpot is a customer relationship management (CRM) tool used to store users’ names, phone numbers and email addresses for marketing purposes, and measure the effectiveness of marketing campaigns. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. In outreach emails seen by CoinDesk, the companies said HubSpot is an external tool and hackers did not gain access to internal systems. HubSpot said the breach was the result of a bad actor getting access to an employee account and using it to target stakeholders in the cryptocurrency industry.


South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

Permalink - Posted on 2022-03-21 18:00

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by Zscaler in December 2021. Believed to be active since 2007, DarkHotel has a history of striking "senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as well as through spear-phishing and P2P attacks," Zscaler researchers Sahil Antil and Sudeep Singh said. Prominent sectors targeted include law enforcement, pharmaceuticals, and automotive manufacturers. The attack chains involved distributing email messages directed to individuals in executive roles in the hotel, such as the vice president of human resources, assistant manager, and front office manager, indicating that the intrusions were aimed at staff who were in possession of access to the hotel's network.


Australia: NSW Supreme Court Orders Local Elections Impacted by iVote Failure to Be Recast

Permalink - Posted on 2022-03-18 19:00

The three local elections impacted by New South Wales' iVote system failure last year have all been voided, the New South Wales Electoral Commission (NSWEC) said yesterday evening. "The Electoral Commissioner regrets the inconvenience caused to these councils and their councillors, but he welcomes the resolution of the matter and will now commence preparations for fresh elections," the NSWEC said in a statement. The integrity of local elections in Kempsey, Singleton, and Shellharbour was put into doubt at the end of last year as some people in those councils were unable to cast their vote as the iVote system suffered a failure for a portion of the voting period. This led to the NSWEC submitting an application to the state's Supreme Court for the election bungle to be reviewed. After reviewing the elections, the NSW Supreme Court decided to void the three election outcomes, which now means people in those councils will have to recast their vote. The re-election will use a separate system, as the NSWEC confirmed earlier this week that the iVote system will be parked until after next year's state election as there is a lack of confidence it will be ready in time.


Medical Data of More Than 500,000 People Stolen in France

Permalink - Posted on 2022-03-18 19:00

The health data of more than half a million people in France have been stolen from insurance body l’Assurance maladie after the accounts of healthcare staff were hacked. The 19 accounts, mainly belonging to pharmacists, were hacked after their email addresses were compromised. Data stolen include the names, surnames, date of birth, social security numbers, GP details, and levels of reimbursement for at least 510,000 people.


Eastern Ozarks Regional Health Sued by Arkansas AG for Failure to Secure Patient Data

Permalink - Posted on 2022-03-18 19:00

Arkansas Attorney General Leslie Rutledge announced this week that legal action is being taken against Country Medical Services Inc., the former operator of Eastern Ozarks Regional Health System in Cherokee Village, and owners Robert Becht of Hartsville, TN, and Theresa Hanson of Deland, FL, for mishandling the sensitive personal and protected information of thousands of individuals. In December 2004, Eastern Ozarks Regional Health’s 40-bed hospital was permanently closed. Country Medical Services had run the hospital for 9 years; however, an investigation by the state Department of Health identified almost 3 dozen potential violations of the Emergency Medical Treatment and Labor Act, as the hospital was unable to provide emergency services. Rather than face the financial penalties, the hospital immediately terminated its hospital license in 2004. 6 years later, the property was transferred to the state after the owners failed to pay their taxes. An inspection of the property by the office of the Attorney General identified boxes of files in the property that contained sensitive personal data. Unauthorized individuals had gained access to the property and files stored throughout the facility appeared to have been examined, potentially by individuals looking for sensitive personal data. At this stage, it is unclear how many former patients of the facility have had their sensitive data exposed and potentially stolen. Files left unsecured at the property included a range of sensitive employee and patient information, including names, contact information, Social Security numbers, driver’s license numbers, financial account information, medical information, and biometric data.


Cloud-Based Email Threats Surge 50% in 2021

Permalink - Posted on 2022-03-18 19:00

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro. The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence. It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020. The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed. However, some threat detections declined: ransomware attempts dropped by 21% and BEC by 11% in 2021. While this might appear good news, Trend Micro claimed this is evidence of more targeted attacks aimed at larger organizations. In the case of BEC, Trend Micro blocked a higher percentage of advanced BEC emails, which could only be detected by comparing the writing style of the attacker with that of the intended sender. These comprised 47% of all BEC attempts in 2021 versus 23% in 2020, with the remainder detected by analyzing behavior and intent. BEC was the highest-grossing cybercrime type of 2020, generating losses of nearly $1.9bn, according to the FBI. Elsewhere, the report warned organizations that despite the surge in newly published vulnerabilities in 2021, nearly a quarter (22%) of exploits sold in the cybercrime underground last year were over three years old. Overall, Trend Micro blocked over 94 billion threats in 2021, a 42% increase from the previous year.


Japan's Bridgestone Reports Ransomware Attack at U.S. Subsidiary

Permalink - Posted on 2022-03-18 19:00

Japanese tyre manufacturer Bridgestone on Friday (Mar 18) said its US subsidiary has suffered a ransomware attack, just weeks after suppliers of automaker Toyota Motor reported similar attacks. Bridgestone in a statement said third-party unauthorised access was made at Bridgestone Americas on Feb 27, prompting it to shut down its computer network. It said it later reconnected the network after a comprehensive security check. An investigation later determined the incident to be a ransomware attack, Bridgestone said. The announcement comes about two weeks after Toyota's main supplier, Denso, detected unauthorised access via a ransomware attack at a group company that handles sales and engineering in Germany. Another Toyota supplier was hit by a cyberattack late last month, prompting Japan's largest automaker to shut down domestic production for one day on Mar 1, affecting output of around 13,000 vehicles.


South Africa Credit Bureau Breached, Data Reportedly Held for $15 Million Ransom

Permalink - Posted on 2022-03-18 18:00

One of the top credit bureaus in South Africa has suffered a data breach, and the hackers are demanding about $15 million in ransom, according to news reports. The country’s arm of TransUnion confirmed Thursday that “a criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials.” The company said the ransom demand “will not be paid.” South African news site ITWeb reported that a group calling itself N4aughtysecTU, which claims to be based in Brazil, is taking responsibility.


Irish Watchdog Fines Meta $19 Million Over Data Breach

Permalink - Posted on 2022-03-16 18:00

Facebook parent company Meta Platforms has been fined €17m ($19m) by Ireland’s data regulator. The decision by the Data Protection Commissioner (DPC) was based on the results of an inquiry into twelve data breach notifications received by the DPC between June 7 2018 and December 4 2018. The probe examined how far Meta Platforms had complied with the requirements of GDPR Articles 5(1)(f), 5(2), 24(1) and 32(1) regarding the processing of personal data relevant to the breach notifications. In a statement released Tuesday, the DPC said that the inquiry had found that Meta Platforms infringed Articles 5(2) and 24(1) GDPR.


DOJ Settles Civil Cyber Fraud Initiative Case with CHS and Imposes a $930,000 Penalty

Permalink - Posted on 2022-03-16 18:00

The U.S. Department of Justice (DOJ) has announced a settlement has been reached with the Cape Canaveral, FL-based healthcare services contractor, Comprehensive Health Services (CHS), to resolve alleged False Claims Act violations. This is the first settlement to be reached under the DOJ Civil Cyber Fraud Initiative, which was launched in 2021. The Civil Cyber Fraud Initiative was launched to pursue cases against government contractors that knowingly used deficient cybersecurity products and services which put information systems at risk, as well as failures to report cybersecurity incidents. CHS and its subsidiaries had contracts with the U.S. Department of State and the U.S. Air Force to operate medical services at U.S. military facilities in Afghanistan and Iraq. Two actions were filed under the whistleblower provisions of the False Claims Act that alleged CHS received payment for operating those medical facilities but failed to operate them in a manner consistent with U.S. standards. CHS was alleged to have failed to maintain appropriate staffing levels, allowed unqualified individuals to perform surgery, pharmacy, and radiology services, and claimed that some of the controlled substances provided to patients at the medical facilities had been approved by the U.S. Food and Drug Administration or European Medicines Agency, when those substances had been imported from South Africa and had not been approved. CHS was accused of bidding on the contracts to run the medical facilities when it was aware that it was unable to meet its obligations to do so. Between 2012 and 2019, CHS submitted claims for reimbursement of $486,000 under its contract but did not disclose that it had failed to consistently store medical records in a secure, HIPAA-compliant electronic medical record (EMR) system. 
CHS staff scanned medical records for the EMR system but saved scanned copies of some of the records on an internal network drive, which could be accessed by non-clinical staff, including Iraqi nationals employed at the site. Some staff members expressed concern about the insecure storage of private medical information, but CHS took no action to address the issue and failed to ensure medical records were only stored in the EMR system. CHS was also alleged to have been made aware of several HIPAA breaches but failed to disclose them.


Mobile Devices See 466% Annual Increase in Zero-Day Attacks

Permalink - Posted on 2022-03-15 16:00

More than two million mobile malware samples were detected in the wild last year, with threats impacting over 10 million devices globally, according to new data from Zimperium. The mobile security vendor compiled its 2022 Global Mobile Threat Report based on insight collected from its security research team and a survey of global tech leaders. It claimed that over two-fifths (42%) of organizations had witnessed a security incident stemming from unpatched mobile apps or devices, while more than a fifth (23%) encountered malicious apps. Nearly a third (30%) of zero-day vulnerabilities in 2021 targeted mobile devices, and there was a 466% year-on-year increase in exploited zero-day vulnerabilities used in active attacks against mobiles, the study claimed. Interestingly, despite its reputation as a more secure ecosystem, vulnerabilities in iOS accounted for 64% of mobile-specific zero-day attacks. Many of these threats start with a phishing lure: three-quarters (75%) of the phishing sites analyzed by Zimperium specifically targeted mobile devices. Interestingly, cloud misconfiguration is a significant cyber-related risk in the mobile sphere. Zimperium’s analysis of over 1.3 million Android and iOS apps revealed that 14% of those using public cloud backends had misconfigurations that exposed users’ personal information. Part of the challenge for security leaders is managing the growing number of consumer devices being used for work and connecting to corporate assets. Two-thirds (66%) of smartphones and over half (55%) of tablets used in the enterprise last year were employee-owned, according to the study. Before the pandemic, 60% of organizations had no BYOD policies in place. Zimperium also found that mobile users in APAC are twice as likely to encounter malicious websites versus the global average, while 30% of devices in Africa encountered malware last year.


Nearly 300,000 SDCA Heart Patients' Data Exposed

Permalink - Posted on 2022-03-15 16:00

The protected health information (PHI) of hundreds of thousands of heart patients may have been exposed during a cyber-attack on South Denver Cardiology Associates (SDCA). In a recent privacy incident notice issued to its patients, the healthcare provider disclosed that its network had been breached in January 2022. The unknown perpetrator(s) gained access to files containing information on 287,652 patients during the attack.


FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security

Permalink - Posted on 2022-03-15 16:00

The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. The FTC alleges that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses. In a complaint filed against Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020, the FTC alleged that CafePress failed to implement reasonable security measures to protect the sensitive information of buyers and sellers stored on its network. In addition to storing Social Security numbers and password reset answers in clear, readable text, CafePress retained the data longer than was necessary. The company also failed to apply readily available protections against well-known threats and adequately respond to security incidents, the complaint alleged. As a result of its shoddy security practices, CafePress’ network was breached multiple times. According to the complaint, a hacker exploited the company’s security failures in February 2019 to access millions of email addresses and passwords with weak encryption; millions of unencrypted names, physical addresses, and security questions and answers; more than 180,000 unencrypted Social Security numbers; and tens of thousands of partial payment card numbers and expiration dates. Some of the information was later found for sale on the Dark Web. 
After being notified a month later that it had a security vulnerability and that hackers had obtained consumer data, CafePress patched the vulnerability but failed to properly investigate the breach for several months despite additional warnings, the complaint alleged. This included a warning in April 2019 from a foreign government, which notified the company that a hacker had illegally obtained CafePress customer account information and urged the company to notify affected customers. The company, however, withheld this essential information, and instead only told customers to reset their passwords as part of an update to its password policy.


Ireland's Privacy Watchdog Sued for Inaction Over Google Data Breach

Permalink - Posted on 2022-03-15 16:00

Ireland’s evasive response to a major security complaint filed against Google’s adtech the year the European Union’s General Data Protection Regulation (GDPR) came into application is the target of a new lawsuit that accuses the Data Protection Commission (DPC) of years of inaction over what the complainants assert is “the largest data breach ever.” Today local press in Ireland reported that the Irish High Court has agreed to hear the suit. The litigation has been prepared by the Irish Council for Civil Liberties (ICCL), whose senior fellow, Johnny Ryan, is named as the plaintiff. At issue is the DPC’s response to a long-running complaint about Google’s role in the high-velocity trading of web users’ personal data to determine which ads get served — and, more specifically, the lack of attention the data-trading systems of the tracking-based advertising industry pay to security. (Security, of course, is a key principle of the EU’s flagship data protection regime.) The ICCL’s suit thus accuses the DPC of a failure to act on what it couches as a “massive Google data breach.”


Prison Service for England and Wales Recorded More Than 2,000 Data Breaches Over 12 Months

Permalink - Posted on 2022-03-15 16:00

The UK Ministry of Justice (MoJ) has defended its data protection practices following allegations it failed to support an employee affected by a data breach of an MoJ service. The employee’s sensitive personal data was apparently exposed because of unauthorized access gained to the Justice Academy, an online learning and careers platform used by MoJ and other public sector staff. These claims were documented in a blog post published by CEL Solicitors, a UK law firm representing the employee. CEL Solicitors also revealed that Her Majesty’s Prison and Probation Service (HMPPS), part of the MoJ, recorded 2,152 data breaches in the 12 months up to September 2021. One of the breaches was sufficiently serious to be reported to the Information Commissioner’s Office (ICO), according to a response from the MoJ, issued in October 2021, to a Freedom of Information Act (FOIA) request.


Britain: Legal Practice Fined £100,000 After Hacker Stole Court Information

Permalink - Posted on 2022-03-14 19:00

The UK data protection regulator has fined a leading legal practice £98,000 after security failures that enabled ransomware actors to steal sensitive information on scores of court cases. Tuckers Solicitors, which has offices across southern England, the northwest and Midlands, describes itself as “the UK’s leading criminal defence lawyers.” However, according to a monetary penalty notice issued by the Information Commissioner’s Office (ICO), its cybersecurity policy failed to comply with GDPR requirements for “technical and organizational measures.” As a result, threat actors were able to breach the firm’s network, possibly by exploiting a vulnerability that went unpatched for five months and encrypting nearly one million files on an archive server. Of these, 24,711 related to “court bundles,” 60 of which were exfiltrated by the attacker and published on an underground market.


South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

Permalink - Posted on 2022-03-14 19:00

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022. During that time, the hackers accessed certain files stored on its systems, some of which contained patients’ personal and protected health information. A comprehensive review of those files confirmed they contained patient names along with one or more of the following types of information: dates of birth, Social Security numbers, drivers’ license numbers, patient account numbers, health insurance information, and clinical information such as physician names, dates and types of service, and diagnoses.


Dominican Republic Hackers Steal $2.7 Million in Welfare Cards

Permalink - Posted on 2022-03-14 19:00

Tens of thousands of beneficiaries of the government aid social program of the Presidency of the Republic, Supérate, have not received their respective subsidies due to the cloning of at least 30,000 ID cards worth US$2.7 million in the southern region and the province Santo Domingo during the month of February. This was confirmed by Gloria Reyes, the general director of the Supérate program to Diario Libre, noting that so far some 30,000 plan cards that had been supplanted have been replaced and returned to the plan’s beneficiaries and the process continues. She said the fraud is in an investigation process in which the Police, the Justice Ministry and the National Directorate of Investigations (DNI) are working, making the inquiries “so we don’t want to alert others linked.”


Fresno Lost More Than $600,000 to a Phishing Scam in 2020

Permalink - Posted on 2022-03-14 19:00

The city of Fresno lost about $400,000 in 2020 after falling victim to an electronic phishing scam, and former Mayor Lee Brand’s administration failed to disclose the loss to the Fresno City Council and taxpayers, The Fresno Bee has confirmed. Furthermore, the Fresno City Attorney’s Office in December 2021 rejected a public records request from The Fresno Bee seeking city communications regarding the fraud. The city told The Bee no records were located. However, The Bee recently obtained emails that existed prior to the records request.


Ukraine War Has Insurers Worried About Cyber Policies

Permalink - Posted on 2022-03-14 19:00

Insurance for cyberattacks has been a booming business, but Russia’s invasion of Ukraine has insurers sweating about the possibility of big losses. They are rushing to plug a possible loophole that leaves them vulnerable. Sales of cyber insurance more than doubled last year to about $15 billion as companies sought to protect themselves from the costs of ransomware and computer viruses that could cripple their operations. Like most insurance policies, these have exclusions for acts of war.


Automotive Giant Denso Confirms Hack

Permalink - Posted on 2022-03-14 19:00

Denso has confirmed a cyberattack impacting the firm's German operations. The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in "almost all vehicles around the globe." It appears that the Pandora ransomware group has claimed responsibility. The group's leak site, accessed by ZDNet via Kela's Darkbeast engine, claims that 1.4TB of data has been stolen.


Logan Health Facing Class Action Lawsuit Over Data Breach

Permalink - Posted on 2022-03-11 17:00

Legal action is being taken against Logan Health and subsidiary, sister, and related entities of Logan Health over a data breach that occurred in 2021 and affected 213,543 Logan Health Medical Center patients. The class action lawsuit was filed in the U.S. District Court for the District of Montana Great Falls Division by law firm Heenan & Cook on behalf of plaintiff Allison Smeltz and all similarly affected individuals over the alleged failure of the health system to protect the plaintiff’s and class members’ sensitive personal information. The data breach in question was reported by Logan Health in February 2022, with its investigation confirming unauthorized individuals had access to its system between November 18, 2021, and November 22, 2021. Hackers gained access to a single file server housing files that contained patients’ protected health information such as names, contact information, insurance claim information, date(s) of service, medical bill account number, and health insurance information. Logan Health said it had found no evidence of misuse of patient data, offered affected individuals complimentary credit monitoring and identity protection services, and said it is implementing additional measures to prevent similar data breaches. According to the lawsuit, the cyberattack and data breach were due to the failure of Logan Health to “implement adequate and reasonable training of employees and/or procedures and protocols,” and claims Logan Health and the other defendants should have been aware of the value of protected health information to hackers and the risk of data breaches, given the number of breaches now being reported and the warnings from Federal agencies to the healthcare industry. The lawsuit points out that the data breach was one of several to have affected Logan Health.
Logan Health reported another breach in January 2021 that affected 2,081 Montanans, and another in 2019 that affected 126.805 Montanans when Logan Health was operating as Kalispell Regional Healthcare. The lawsuit claims that as a direct result of the failure to prevent the data breach, victims have suffered and will continue to suffer damages, including the compromise, publication, theft and/or unauthorized use of their PII/PHI, out-of-pocket costs from the prevention, detection, recovery, and remediation from identity theft or fraud, lost opportunity costs and lost wages, and the continued risk to their PII/PHI from the failure of Logan Health to implement appropriate safeguards to protect against data breaches. The lawsuit cites several causes of action, including negligence, invasion of privacy, breach of implied contract, unjust enrichment, and violations of the Montana Consumer Protection Act, and alleges Logan Health had failed to comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).


Breach Barometer Report Shows Over 50 Million Healthcare Records Were Breached in 2021

Permalink - Posted on 2022-03-11 17:00

Protenus has released its 2022 Breach Barometer Report which confirms 2021 was a particularly bad year for healthcare industry data breaches, with more than 50 million healthcare records exposed or compromised in 2021. The report includes healthcare data breaches reported to regulators, as well as data breaches that have been reported in the media, incidents that have not been disclosed by the breached entity, and data breaches involving healthcare data at non-HIPAA-regulated entities. The data for the report was provided by databreaches.net. Protenus has been releasing annual Breach Barometer reports since 2016, and the number of healthcare data breaches has increased every year, with the number of breached records increasing every year since 2017. In 2021, it has been confirmed that at least 50,406,838 individuals were affected by healthcare data breaches, a 24% increase from the previous year. 905 incidents are included in the report, which is a 19% increase from 2020. The largest healthcare data breach of the year affected Florida Healthy Kids Corporation, a Tallahassee, FL-based children’s health plan. Vulnerabilities in its website had not been addressed by its business associate since 2013 and those vulnerabilities were exploited by hackers who gained access to the sensitive data of 3,500,000 individuals who applied for health insurance between 2013 and 2020. Hacking incidents increased for the 6th successive year, with 678 breaches – 75% of the year’s total number of breaches – attributed to hacking incidents, which include malware, ransomware, phishing and email incidents. Those breaches resulted in the records of 43,782,811 individuals being exposed or stolen – 87% of all breached records in 2021. There has been a general trend over the past 6 years that has seen the number of insider incidents fall, albeit with an increase in 2020. There were 111 insider incidents in 2021, similar to the 110 incidents in 2019, which is a 26% decrease from 2020. The increase in 2020 is believed to be pandemic-related, with Protenus suggesting the 2020 spike was driven by a pandemic-related increase in insider curiosity or organizational detection of impropriety that has since subsided. There were 32 theft-related breaches involving at least 110,6656 records and 11 cases of lost or missing devices or paperwork containing the records of at least 30,922 individuals. 73 incidents could not be classified due to a lack of information. Healthcare providers continue to be the worst affected HIPAA-covered entity type, but business associate data breaches have increased to almost double the level of 2019. 75% of those incidents were hacking-related, 12% were due to insider error, and 1% were due to insider wrongdoing. Across those incidents, 20,986,509 records were breached. Protenus says that the average number of records breached in business associate data breaches is higher than any other breach. The time taken to discover a data breach decreased by 30% since 2020. The average time from the date of the breach to discovery is now 132 days; however, it is taking much longer for organizations to disclose data breaches than in 2020. In 2021, the average time to report a data breach was 118 days, which is well over the 60 days stipulated by the HIPAA Breach Notification Rule. In 2020, the time from discovery to reporting was 85 days. The median time for reporting breaches was 62 days in 2021, which is also over the Breach Notification Rule reporting deadline.


Canada: GreenSlate Makes Notification of Data Breach

Permalink - Posted on 2022-03-11 17:00

GreenSlate is notifying employees of some of its clients about a breach involving a rogue Canadian employee. According to their notification template submitted to the California Attorney General’s Office, on December 22, 2021, the firm’s security team detected that between December 10 and December 15, 2021, an employee in Canada had downloaded scanned paperwork and certain electronic records containing personal information of some of their clients’ employees. On December 23, 2021, GreenSlate retained firms to investigate the breach and coordinate with authorities. The same day, they contacted the FBI, the Royal Canadian Mounted Police, and the Toronto Police Service. On March 1, 2022, Toronto Police Service arrested the former employee, freeing GreenSlate to make notifications without interfering with the law enforcement actions. GreenSlate notes that the now-former employee’s pre-hire background check had not revealed any criminal history or concerns. The affected individuals’ personal information varied by document but may have included their name, date of birth, Social Security Number, Social Insurance Number, work authorization papers, and direct deposit bank account information. The notification template does not indicate how many people had their information stolen by the employee.


U.S. Congress Passes Cyber Incident and Ransom Payment Reporting Requirement

Permalink - Posted on 2022-03-11 17:00

The Act mandates incident reporting for critical infrastructure entities that suffer cyber incidents or that make ransom payments in response to ransomware attacks. The Act requires a “covered entity” to report a “covered cyber incident” to CISA within 72 hours after the covered entity reasonably believes that a covered cyber incident has occurred. If a covered entity makes a ransom payment in response to a ransomware attack, the covered entity must report the payment to CISA within 24 hours. Covered entities must submit updates to prior reports if new information becomes available or if a ransom payment subsequently is made. Additionally, reporting entities must preserve data relevant to the covered cyber incident or ransom payment. The Act directs the CISA Director to define what constitutes a “covered entity” and “covered cyber incident.” A “covered entity” may include an entity in one of the 16 critical infrastructure sectors defined in Presidential Policy Directive 21, taking into consideration the consequences that a compromise of such an entity could cause to national security, economic security, or public health and safety, and the potential impact of the disruption of reliable operation of critical infrastructure. A “covered cyber incident” includes a “substantial” cyber incident that causes “a substantial loss of confidentiality, integrity, or availability” of information systems, “a disruption of business operations,” or “unauthorized access or disruption of business or industrial operations . . . caused by[] a compromise of a cloud service provider, managed service provider, or other third-party data hosting provider or by a supply chain compromise.”


U.K. Ferry Operator Wightlink Flags Potential Data Breach

Permalink - Posted on 2022-03-11 17:00

UK ferry operator Wightlink has been hit by a “highly sophisticated” cyber-attack that may have compromised personal data belonging to “a small number of customers and staff”. Wightlink says the attack, which happened in February, affected certain back-office IT systems.


90% of MSPs Hit By a Successful Cyber Attack in the Past 18 Months

Permalink - Posted on 2022-03-10 16:00

Nine in 10 (90%) managed service providers (MSPs) experienced a successful cyber-attack in the past 18 months, according to new research by N-able. The study also found that the number of attacks prevented by these organizations during this period almost doubled, from six to 11. According to the researchers, this shows that MSPs are quickly becoming more of a primary target than their customers for cyber-criminals. The research reflected the views of 500 senior decision-makers at MSPs about their security experiences both before the pandemic and today. More than four-fifths (82%) of MSPs reported seeing attacks on their customers rise in the past 18 months, preventing an average of 18 attacks per month. The study also revealed a wide range of effects arising from successful cyber-attacks on MSPs. Over half of respondents experienced financial loss and business disruption following an attack. At the same time, 46% said they had lost business, 45% suffered reputational effects and 28% saw their customers suffer a loss of trust. The most common attack methods detected by MSPs were phishing (75%), DDoS (56%) and ransomware (42%).


U.K.'s ICO Hits Criminal Defense Firm Tuckers Solicitors with Monetary Penalty After Ransomware Attack

Permalink - Posted on 2022-03-10 16:00

The Information Commissioner announced today that it has issued Tuckers Solicitors a monetary penalty under section 155 of the Data Protection Act 2018 (“the DPA”). The penalty notice imposes an administrative fine on Tuckers, in accordance with the Commissioner’s powers under Article 83 of the General Data Protection Regulation 2016 (“the GDPR”). The amount of the monetary penalty is £98,000. In a 44-page notice, the IC outlines the chronology of a ransomware attack the firm experienced in 2020. In that incident, Maze threat actors encrypted files and exfiltrated 60 “court bundles.” As described in the notice, the attack resulted in the encryption “of 972,191 individual files, of which 24,712 related to court bundles; of the encrypted bundles, 60 were exfiltrated by the attacker and released in underground data marketplaces. The compromised files included both personal data and special category data.” The bundles included a “comprehensive set of personal data, including medical files, witness statements, name and addresses of witnesses and victims, and the alleged crimes of the individuals. The 60 exfiltrated court bundles included 15 relating to criminal court proceedings and 45 civil proceedings. Of the 60 exfiltrated court bundles, the personal data was not related to just one living individual; it was likely to have included multiple individuals.” The Commissioner found that during the period of 25 May 2018 (when GDPR went into effect) and 25 August 2020, Tuckers “failed to process personal data in a manner that ensured appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”


Unable to Determine What Files Were Accessed, Norwood Clinic Notifies All 228,103 Patients

Permalink - Posted on 2022-03-10 16:00

Norwood Clinic in Birmingham, Alabama is notifying 228,103 patients of a hacking incident that left them unable to determine what, if anything, had been accessed. In a notification to the Maine Attorney General’s Office, the clinic’s external counsel reported that the breach began on September 20 and was discovered on October 22. The types of patient information that may have been accessed included name, contact information, date of birth, Social Security number, Driver’s License number, limited health information, and/or health insurance policy number.


Italy Fines U.S. Facial Recognition Firm

Permalink - Posted on 2022-03-10 16:00

Italy's data privacy watchdog on Wednesday fined US-based firm Clearview AI 20 million euros (almost $22 million) over its controversial facial recognition software. The watchdog ordered the company to delete data relating to people in Italy and banned it from further collection and processing of information there. Clearview AI says it has built up a database of more than 10 billion facial images taken from public websites, from social media to news sites, which it touts as a tool for law enforcement. Italy's privacy watchdog said that, despite Clearview's assertions to the contrary, the firm had allowed the tracking of citizens and people in Italy.


Consumers Worried About Digital Banking Security

Permalink - Posted on 2022-03-09 17:00

Most consumers prefer to bank digitally rather than in person but are worried about the risk of fraud, according to new research by payments and data security company, Entrust. A survey of 1350 consumers who made or received digital payments in the past 12 months found that 88% of respondents prefer to do their banking online in some form. Nearly all respondents (90%) reported being concerned about becoming a victim of banking or credit fraud. Responses were gathered from consumers in nine countries, including the United States, Canada, United Kingdom, Germany, Saudi Arabia, United Arab Emirates, Singapore, Australia and Indonesia. More than half (59%) said they prefer using their bank or credit union’s app to do their banking, while 29% prefer their desktop web browser. A small proportion of respondents preferred to bank in person at their branch (8%) or an interactive teller machine (3%). Most of the respondents based in the United States (86%) said that they would consider using an entirely branchless online banking service for their banking. When questioned about their personal experience of banking security, 42% of respondents said that they had received notification of a personal banking or credit fraud within the past 12 months. As a result of receiving this notification, more than two-thirds of respondents (67%) switched to a different bank or credit union. Asked how they felt about using digital currencies for payments, more than half of respondents (52%) said they would consider it. Regarding sharing their most preferred payment method, 50% of respondents listed credit/debit cards with chips, while 48% favored contactless credit/debit cards.


PHI of Over 500,000 Individuals Potentially Compromised in 4 Security Incidents

Permalink - Posted on 2022-03-09 17:00

Over 500,000 individuals have been affected by cyberattacks on Norwood Clinic, PracticeMax, Central Indiana Orthopedics, and an unauthorized electronic medical record incident at Ascension Michigan.


Small Business Owners Worried About the Cyber Security of Their Commercial Vehicles

Permalink - Posted on 2022-03-09 17:00

Small business owners are adding electric vehicles to their service fleets, a survey released by HSB reports, but they worry about cybersecurity when connecting them to public charging stations. The poll conducted by Zogby Analytics found 15 percent of small and medium-size businesses had leased or purchased electric vehicles (EVs) for commercial use. 76 percent of those business owners and managers were concerned EV charging stations could be a target for hackers, ransomware, and other cyber-attacks.


E-commerce Giant Mercado Libre Confirms Source Code Data Breach

Permalink - Posted on 2022-03-09 17:00

Argentinian e-commerce giant Mercado Libre has confirmed "unauthorized access" to a part of its source code this week. In a press release and a Form 8-K filing seen by BleepingComputer today, MercadoLibre confirmed that a part of its source code had been subject to unauthorized access. It is not clear at this time if the information of these 300,000 Mercado users was stored in one of the source code repos—a practice BleepingComputer has come across before when reporting on some data breach cases.


Oklahoma Hospital Data Breach Impacts 92,000 People

Permalink - Posted on 2022-03-08 17:00

A security incident at a nonprofit community hospital in Oklahoma may have exposed the personal data of more than 92,000 individuals. Duncan Regional Hospital (DRH) found access to some of its systems mysteriously blocked on January 20, 2022. The hospital disconnected all its systems from external access and notified law enforcement. DRH triggered its cybersecurity incident response plan and hired an independent forensics firm to determine what had happened, how it had occurred and whether any sensitive information may have been impacted. A security notice, submitted to the attorney general of Maine on March 4 by law firm Clark Hill on behalf of DRH, stated that the impacted data might include patients' name, date of birth, Social Security number, limited treatment information and medical appointment information such as date of service and name of providers.


Central Indiana Orthopedics Notifying 83,705 of October Data Breach

Permalink - Posted on 2022-03-08 16:00

In October, 2021, this site reported that Central Indiana Orthopedics (CIO) had promptly disclosed a data security incident involving Grief threat actors. This week, CIO’s external counsel notified the Maine Attorney General’s Office about the incident, reporting that 83,705 patients were impacted, total. Types of information involved included name, address, Social Security number, and limited health information.


Herff Jones Data Breach $4.35M Class Action Settlement

Permalink - Posted on 2022-03-08 16:00

Herff Jones will pay $4.35 million to resolve claims it failed to protect its customers during a 2021 data breach. The settlement benefits individuals whose payment card information was exposed during the Herff Jones data breach. Included consumers may have been notified of the breach by Herff Jones between May 12 and June 18, 2021. Herff Jones specializes in graduation products such as class rings, caps and gowns, yearbooks, and more. According to a data breach class action lawsuit, graduates started to report fraudulent charges on their payment cards in May 2021. One plaintiff claims his card was used for nearly $400 worth of fraudulent charges. Another plaintiff says his card was charged over $250 by unauthorized users. Shortly afterward, Herff Jones confirmed its website was accessed by hackers — putting thousands of customers at risk for credit card fraud.


Nespresso Data Leak in South Africa

Permalink - Posted on 2022-03-08 16:00

South African Nespresso distributor Top Coffee has sent a notice to clients informing them that their names, phone numbers, and email addresses may have been leaked. According to the notice, the personal information may have been temporarily exposed through a third-party supplier.


ICS Vulnerability Disclosures Surge 110% Over the Last Four Years

Permalink - Posted on 2022-03-08 17:00

Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half (2H) of 2021 compared to the previous six months, according to research released by Claroty. The report also found that ICS vulnerabilities are expanding beyond operational technology (OT) to the Extended Internet of Things (XIoT), with 34% affecting IoT, IoMT, and IT assets in 2H 2021.


Sinclair Losses Mount as Ransomware Costs Exceed Insurance Policy

Permalink - Posted on 2022-03-08 17:00

The attack, discovered on Oct. 16, was one of the most high profile cybersecurity incidents of 2021, in part due to the visual disruption it created at the company. The attack led to the encryption of an undisclosed number of servers and workstations and also disrupted normal operations of a number of local broadcasts. Sinclair owns, operates or provides services to 185 stations in 86 television markets and also owns 21 regional sports brands. A spokesperson for the company did not immediately return requests for comment. The impact of the attack was so extensive that Sinclair was still working to restore full operations in November, when it reported third quarter earnings.


PressReader Service Partially Returns After Cyber Attack Impacts Over 7,000 Publications

Permalink - Posted on 2022-03-08 16:00

PressReader, a digital platform for hundreds of print newspapers and magazines, said its systems are slowly returning to normal after a cyberattack caused outages since last Thursday. The app provides access to more than 7,000 publications from newspapers, libraries and museums across the world. It first announced the outages on March 3 and later confirmed it was because of a cybersecurity incident.


Rompetrol Gas Station Network Hit by Hive Ransomware

Permalink - Posted on 2022-03-08 16:00

Today, Romania's petroleum provider Rompetrol has announced that it is battling a "complex cyberattack." BleepingComputer has learned that Hive ransomware gang is behind this attack, and they're asking for a multi-million ransom. BleepingComputer also observed both KMG and Rompetrol websites are not reachable as of today and the Fill&Go application is no longer working. We learned though, that the company's email system (Microsoft Outlook) remains functional.


Weight Management Companies Settle Data Privacy Suit

Permalink - Posted on 2022-03-07 16:00

Two American weight management companies have agreed to pay $1.5m to resolve allegations concerning the illegal harvesting of children’s sensitive data. In a complaint filed in the US District Court for the Northern District of California, Kurbo Inc. and its parent company WW International Inc. (formerly Weight Watchers International Inc.) were accused of collecting children’s personal information without informing the children’s parents. Under the Children’s Online Privacy Protection Act (COPPA) and Children’s Online Privacy Protection Rule (COPPA Rule), websites, apps and online services that are child-directed or knowingly collect personal information from children must notify parents and get their consent before collecting, using or disclosing the personal information of children younger than 13. The allegations made by the US government concern the Kurbo by WW mobile application and website designed by the companies and marketed at children as young as eight years of age. It is alleged that the companies knew that the app and website gathered personal data from children, including their names, telephone numbers, email addresses, height, weight, food intake, physical activity and identifiers used to track their devices, but didn’t tell the children’s parents about the data collection or obtain their consent for it. It was further alleged that WW and Kurbo violated the COPPA Rule by retaining children’s personal information indefinitely and only deleting it when requested by a parent. In a settlement reached with the Federal Trade Commission (FTC), Kurbo and WW International agreed to delete personal information illegally collected from children under 13, destroy any algorithms derived from the data and pay a $1.5m penalty.


Australia: Long Delay Before Cyber Security NSW Notified of Accellion Hack

Permalink - Posted on 2022-03-07 16:00

NSW agencies may have delayed reporting a massive cyber attack to authorities for nearly a month, officials revealed on Monday. The breach of a software known as Accellion in December 2020 affected businesses and agencies worldwide, including Transport for NSW which had sensitive information stolen and posted on the dark web. Cybersecurity NSW wasn't told by Transport for NSW the agency had been hacked until January 21, 2021, officials told a budget estimates hearing. That’s despite Accellion claiming it notified all its customers of an incident two days before Christmas. Health Minister Brad Hazzard has previously said NSW Health, which was also affected by the hack, discovered the attack on Christmas Day, 2020. It was unclear when NSW Health notified the cyber authorities. The government has been tight-lipped about what sort of documents were stolen from Transport, but officials have previously said hackers did not access drivers licence, Opal Card or medical records systems. It's understood the Transport documents leaked online included steering committee meeting papers from 2016, a 2019 document relating to a government tender, and a 2020 letter from the NSW parliament’s upper house to the former Transport Secretary for information about ex-Wagga Wagga MP Daryl Maguire.


Ohio: Hilliard Schools Releases Student Names in Privacy Compromise

Permalink - Posted on 2022-03-07 16:00

Hilliard City Schools leaders are reviewing protocols related to public-information requests after learning Feb. 27 the district released the identity of students who were subject to disciplinary measures. The student data released appeared to have occurred because information a district employee intended to redact from an Excel spreadsheet remained in a copied file, he said. The names of about 4,200 students were released, as well as the circumstances of their discipline.


Adafruit Discloses Data Leak from Ex-Employee's GitHub Repository

Permalink - Posted on 2022-03-07 16:00

Adafruit explains that although all security disclosures are published on the company's blog and security pages, there is no action for the users to perform as no passwords or payment card information were exposed in the data analysis set. "We evaluated the risk and consulted with our privacy lawyers and legal experts, and took the approach that we thought appropriately mitigated any issues while being open and transparent and did not believe emailing directly was helpful in this case," Adafruit's Managing Director Phillip Torrone, and founder Limor "Ladyada" Fried had previously stated. A major concern among users is the presence of real customer information in a former team member's GitHub repo, as opposed to using automatically-generated "fake" staging data, and how this information could be misused by phishing actors.


Security Issues Identified in 75% of Infusion Pumps

Permalink - Posted on 2022-03-04 18:00

This week, researchers at Palo Alto’s Unit 42 team published a report that shows security gaps and vulnerabilities often exist in smart infusion pumps. These bedside devices automate the delivery of medications and fluids to patients and are connected to networks to allow them to be remotely managed by hospitals. The researchers used crowdsourced scans from more than 200,000 infusion pumps at hospitals and other healthcare organizations and searched for vulnerabilities and security gaps that could potentially be exploited. The devices were assessed against more than 40 known vulnerabilities and over 70 other IoT vulnerabilities. 75% of the 200,000 infusion pumps were discovered to have security gaps that placed them at an increased risk of being compromised by hackers. Worryingly, 52% of the analyzed devices were found to be vulnerable to two serious infusion pump vulnerabilities dating back to 2019, one of which is a critical flaw with a CVSS severity score of 9.8 out of 10 (Wind River VxWorks CVE-2019-12255), and the other is a high severity flaw with a CVSS score of 7.1 (Wind River VxWorks CVE-2019-12264). Vulnerabilities in infusion pumps could be exploited to cause harm to patients. By gaining access to the devices, attackers could stop the delivery of drugs and fluids or cause the devices to deliver potentially fatal doses of drugs. Vulnerabilities could also be exploited to gain access to, modify, or delete sensitive patient data, and it is the latter type of vulnerability that is most common.


Crossroads Health of Lake County Discloses Breach Affecting Former Beacon Health Patients

Permalink - Posted on 2022-03-04 18:00

It’s not a huge breach in terms of numbers compared to other breaches we’ve seen, but an incident reported by Crossroads Health in Ohio caught my eye because once again, it was old (legacy) data that was accessed and exfiltrated. In an undated statement on their website, Crossroads explains that an unauthorized party gained access to their systems from November 21, 2021 to January 18, 2022 and removed some files. Crossroads does not indicate why they only first identified the incident on January 18 instead of months earlier when it began, but less than one week after identifying that there was an incident, they determined that the exfiltrated files were from a legacy system that held information on clients of Beacon Health, a behavioral health facility that merged with Crossroads. Beacon Health had provided services to adults with mental illness and addiction disorders, and the merger took place in July, 2019. Although Crossroad’s notification doesn’t give any indication of how far back the data on the Beacon Health system might extend, they reported to HHS that 10,324 patients were being notified. Analysis of the files in the compromised system found that they contained: names, contact information, dates of birth, Social Security numbers, driver’s license numbers, treatment and diagnosis information, and/or health insurance information for the Beacon Health patients.


Bad Passwords Are Still Being Recycled, Even After They Have Been Breached

Permalink - Posted on 2022-03-03 18:00

Passwords are a problem that big tech is trying to fix but they are still essential for accessing pretty much anything online. And even now people aren't changing them after a breach and then still use the same password to access multiple sites. SpyCloud, a security firm, highlights in a new report how people are struggling with passwords for multiple online accounts. Based on 1.7 billion username and password combinations it gathered from the 755 leaked sources in 2021, it estimates that 64% of people used the same password exposed in one breach for other accounts.


Consumers Impacted by T-Mobile Data Breach at Risk of Potential Identity Theft

Permalink - Posted on 2022-03-03 18:00

New York Attorney General Letitia James today provided guidance to consumers who may have been impacted by a 2021 T-Mobile data breach, following reports that the stolen information was put up for sale on the dark web. Alongside a bipartisan coalition of attorneys general, Attorney General James advised all New York residents who believe they were impacted by the data breach to take appropriate steps to protect their information from identity theft. This comes after several individuals received alerts that their information was circulating online following the August 2021 data breach.


Healthcare Company Mon Health Discloses Second Data Breach

Permalink - Posted on 2022-03-03 18:00

Monongalia Health System (Mon Health) this week started notifying patients, employees, and partners of a cyberattack that may have resulted in their data being stolen. The healthcare services provider discovered the incident on December 18, when some of its IT systems were disrupted, but learned of the potential data theft only a couple of weeks later. The attackers had access to the organization’s network between December 8 and December 19. The data breach may have resulted in patient information – alongside employee, provider, and contractor data – being stolen, but the attackers weren’t able to access the organization’s health electronic records systems. Affected data, Mon Health says, includes names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data.


Logan Health Cyber Attack, Server Hack Leads to Data Access of 214,000 People

Permalink - Posted on 2022-03-03 18:00

Logan Health Medical Center recently notified 213,543 patients, employees and business associates that their personal and health data was possibly accessed, after a sophisticated cyberattack on its IT systems led to the hack of a file server containing protected health information. On Nov. 22, the Montana provider responded to suspicious activity and “evidence of unauthorized access” to one of the eight file servers used for business operations. An investigation revealed certain files were subjected to unauthorized access, including employee PHI. The electronic medical record was not affected by the security incident. The compromised data varied by individual and could include names, Social Security numbers, dates of birth, contact information, and email addresses. All impacted individuals will receive a year of identity monitoring services.


Nvidia Admits Hackers Stole Employee and Internal Data

Permalink - Posted on 2022-03-02 18:00

Nvidia has released more details of an apparent ransomware attack on its networks, admitting that internal data has been taken. The US chip giant had previously given little away, saying only that its “business and commercial activities continue uninterrupted” while it investigated the attack, which was first reported last week. However, a new statement has gone further. “Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” the Nvidia statement revealed. “We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”


Monongalia Health System Hacked Again

Permalink - Posted on 2022-03-02 18:00

On December 30, 2021, Mon Health determined that a data security incident resulted in unauthorized access to information pertaining to Mon Health patients, providers, employees, and contractors. Mon Health first learned of this incident on December 18, 2021, when it was alerted to unusual activity in its IT network which disrupted the operations of some of Mon Health’s IT systems. The investigation determined that the incident did not involve unauthorized access to Mon Health’s electronic health records systems but unauthorized parties did access its IT network between December 8, 2021, and December 19, 2021.


Bridgestone Still Struggling with Plant Closures Across North America After Cyber Attack

Permalink - Posted on 2022-03-02 18:00

Bridgestone-Firestone tire factories across North America and Latin America are still struggling to recover from a cyberattack after sending workers home for multiple days. The company did not respond to repeated requests for comment. Local news outlets from across the US reported on outages affecting factories in Iowa, Illinois, North Carolina, South Carolina, Tennessee and Canada.


PHI of 10,000 Individuals Exposed Due to Houston Health Department Portal Glitch

Permalink - Posted on 2022-03-01 17:00

The Houston Health Department has recently announced that the personal information and COVID-19 test results of 10,291 individuals have been exposed online as a result of a technical issue with its portal. The issue allowed approximately 3,500 portal users to access the data of other individuals. The Houston Health Department said it detected the issue on January 6, 2022, and the portal was deactivated within 48 hours. Notification letters had to be delayed for several weeks while the portal issue was investigated to determine the full nature and scope of the incident. The health department confirmed that this was not a hacking incident, and it does not appear that any exposed information has been misused. The types of data that could have been viewed included names, addresses, dates of birth, email addresses, testing dates, and test results.


Insurance Broker Aon Investigating Cyber Incident

Permalink - Posted on 2022-03-01 17:00

Global insurance broker Aon on Monday revealed that it’s investigating a cyber incident impacting some of its systems. In a brief statement submitted to the U.S. Securities and Exchange Commission (SEC), Aon said it detected a cyber incident on February 25. The investigation conducted until the SEC was notified showed that only a “limited number of systems” were impacted.


Toyota to Close Japan Plants After Suspected Cyber Attack

Permalink - Posted on 2022-02-28 18:00

What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, the company announced on Monday. Toyota doesn’t know how long the 14 plants will be unplugged. The closure will mean that the company’s output will shrink by around 13,000 cars. Reuters reported that within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack.”


260,000 Confidential Attorney Discipline Records Published After Data Breach

Permalink - Posted on 2022-02-28 18:00

A shadowy website on Saturday removed 260,000 confidential attorney discipline records it had published after a massive data breach at the State Bar of California. An anonymous administrator for judyrecords.com said in a note on the website that the records, as well as others it intended to publish, had been deleted in response to the State Bar’s disclosure of the breach and a subsequent Southern California News Group article. The administrator claims the records had been made publicly available on the State Bar’s discipline website, which is now offline. But the State Bar disputes that contention. The State Bar first discovered the breach Friday. In addition to limited data on attorney discipline records, judyrecords.com also published about 60,000 public State Bar court cases. The website also displayed confidential court records from other jurisdictions, the State Bar said.


Swedish Camera Giant Axis Still Recovering from Cyber Attack

Permalink - Posted on 2022-02-28 18:00

Camera maker Axis said it is still struggling to deal with a cyberattack that hit its IT systems on February 20. In a message on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday before it shut down all public-facing services globally in the hopes of limiting the impact of the attack. The company announced the outages on Twitter but did not respond to requests for comment. On its status site Friday afternoon, Axis said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages.


Dubai-Based Gems Education Hit by Cyber Attack

Permalink - Posted on 2022-02-25 16:00

Gems Education, the largest education operator in the UAE, faced a cyber attack that had a minimal impact on the group’s operations, the company said on Thursday. The company said an investigation was under way. It has not yet confirmed whether any personal or financial data has been breached. It said some personal data could have been compromised. That includes identification documents, financial information, such as payment history, and data related to creditworthiness, health or medical records, and log-in details, such as usernames and passwords.


Dallas IT Worker Erased Police Files by Accident, Didn't Have Enough Training

Permalink - Posted on 2022-02-25 16:00

A former Dallas IT worker fired after deleting millions of police files last year while trying to move them from online storage didn’t have enough training to do the job properly, according to an independent investigation of the incident. Despite his job primarily being focused on working with Commvault, the software company the city contracts with for cloud storage management, the former city technician only received training on the software twice since 2018, said a report analyzing the incident released this week to city officials by law firm Kirkland & Ellis.


Australia: NSW Driver's License Data Stolen in Accellion Breach

Permalink - Posted on 2022-02-25 16:00

Driver’s licence details were among the personal information stolen from Transport for NSW in the Accellion data breach last year, iTnews can reveal. It has also emerged that at least 500 customers and employees of the agency were impacted in the incident, some of whom are only now being notified. TfNSW confirmed it was one of a number of large organisations worldwide to fall victim to the data breach against the 20-year-old File Transfer Appliance (FTA) in February 2021.


New Zealand Technology Company Hacked, Data Stolen

Permalink - Posted on 2022-02-25 16:00

iTCo, which is based in Rotorua, says it was the subject of a ransomware cyberattack in early February. Those responsible are claiming to have stolen more than 4 gigabytes of data. The Office of the Privacy Commissioner confirmed it has been made aware of the attack.


Swedish Camera Giant Axis Still Recovering from Cyber Attack

Permalink - Posted on 2022-02-25 16:00

Camera maker Axis said it is still struggling to deal with a cyberattack that hit its IT systems on February 20. In a message on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday before they shut down all public-facing services globally in the hopes of limiting the impact of the attack.


Logan Health Medical Center Cyberattack Affects More Than 213,000 Patients

Permalink - Posted on 2022-02-24 18:00

Logan Health Medical Center in Kalispell, MT, has recently started notifying certain patients that hackers gained access to a file server that housed patient information in “a highly sophisticated criminal attack.” A security breach of its information technology systems was detected on November 22, 2021, with the initial investigation confirming a hacker had breached its security defenses. Third-party forensic investigators were retained to conduct an investigation to determine the nature and scope of the attack and on January 5, 2022, it was confirmed that certain files on its systems that contained patient information had been accessed. The intrusion was limited to a single file server and its electronic medical records were not compromised. A review of the files on the affected server revealed they contained patient information including names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, insurance claim information, date(s) of service, treating/referring physician, medical bill account number, and/or health insurance information. The types of information in the compromised files varied from patient to patient.


Americans Report Losing Over $5.8 Billion to Fraud in 2021

Permalink - Posted on 2022-02-24 18:00

The US Federal Trade Commission (FTC) said today that Americans reported losses of more than $5.8 billion to fraud during last year, a massive total increase of over 70% compared to the losses reported in 2020. The FTC added a total of roughly 5.7 million consumer reports to its Consumer Sentinel Network (Sentinel) secure online database in 2021. Out of these, US consumers filed 2,789,161 fraud reports during 2021, 25% of them indicating a monetary loss and informing the consumer protection agency that they lost a total of $5,893,260,382 to fraud schemes.


Oklahoma Cops Say Rape Victims' Data May Have Been Leaked

Permalink - Posted on 2022-02-23 19:00

The Oklahoma City Police Department (OKCPD) has announced that personal data belonging to victims of sexual assault may have been exposed during a security incident at a DNA analysis laboratory. In a statement released on Monday to Oklahoma news channel KFOR, the OKCPD said that a company the department previously used to perform forensic testing had been hacked. The OKCPD said that it had only recently been made aware of the security incident at DNA Solutions Inc. DNA Solutions is a private DNA analysis laboratory whose testing facility is located at the University Research Park Campus in Oklahoma City. The laboratory provides paternity and forensic testing in humans and sire confirmation, genotype registries, DNA banking and animal forensic identification. Master Sgt. Gary Knight told Free Press that the OKCPD had contracted the company for two years to perform “Y-screening” (Y-chromosomal testing) to detect male DNA foreign to the victim of sexual assault. “DNA Solutions Inc. determined that an unauthorized third party accessed their network and may have compromised certain sensitive personal and health-related information from sexual assault kits sent to them for forensic testing,” said the OKCPD. DNA Solutions said that it discovered the hack on November 18 2021, and immediately blocked the hacker’s access to its network. An investigation was launched to determine which files had been accessed by the attacker.


Montana: Logan Health Medical Center Notifying 213,554 About Data Breach

Permalink - Posted on 2022-02-23 19:00

Logan Health Medical Center in Montana is notifying 213,543 patients, employees, and business associates after discovering that files with personal and protected health information were accessed without authorization. According to a notification submitted to the Maine Attorney General’s Office, Logan first detected suspicious network behavior on November 22, 2021. On January 5, their investigation confirmed access to one of their eight file servers used for business operations. Their report to the state indicates that the breach occurred on November 18, 2021. The notification does not reveal how many of those being notified are patients, and the incident has not (yet?) shown up on HHS’s public breach tool as of the time of this publication. For patients, the types of information involved might include name, Social Security number, address, date of birth, telephone number, or email address.


Boston Law Firm Taylor, Ganson & Perrin Notifies Clients of Data Breach

Permalink - Posted on 2022-02-23 19:00

One month after first detecting a problem, Boston law firm Taylor, Ganson & Perrin LLP is providing notice of a data security breach. Like many law firms who have experienced breaches, clients’ medical information and what might be protected health information may have been accessed or acquired by the unnamed threat actor(s), but whether it was actually PHI in this situation and reportable as a HIPAA breach is not yet clear. Nor is it clear yet how many people have been impacted, and whether this was a ransomware incident or some other type of hack. The information that may have been subject to access and/or exfiltration varies by individual based upon the information provided to TGP. The type of information could include name, Social Security number, driver’s license number or state identification card number, passport number, military identification number, financial account information, credit card number, medical information, health insurance information, username and password for online accounts, digital signature and/or taxpayer identification number.


Personal Data Leaks from Listed Japan Firms Hit Record High in 2021

Permalink - Posted on 2022-02-23 19:00

The number of personal information leaks from companies listed on Japanese stock exchanges, as well as their subsidiaries, rose by 30 percent in 2021 from the previous year to a record 137 cases, according to a corporate research agency. Tokyo Shoko Research said in a report that over 50 percent or 68 of the data breaches were caused by malware or unauthorized access. It said the number of cyberattacks rose for the third straight year. Since the agency first began collecting such data in 2012, leaks of personal information pertaining to approximately 120 million people, roughly the equivalent of Japan's population, have been confirmed.


Potential Board Liability for Cyber Security Failures Under Caremark Law

Permalink - Posted on 2022-02-23 19:00

Cases recently decided by the Delaware Chancery Court under the landmark Caremark case have paved a path for shareholder-plaintiffs to hold directors and officers liable for breaching their fiduciary duties in the wake of a cybersecurity failure, and have increased the importance of board oversight of cybersecurity. The Court’s 1996 landmark decision in Caremark established a legal framework for holding directors personally liable for breaching the duty of loyalty when the directors fail to “appropriately monitor and supervise the enterprise.” Under Caremark, directors may be liable in two distinct contexts: (1) “a board decision that results in a loss because that decision was ill advised or ‘negligent,’” or (2) “an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.” For liability to attach under the Caremark theory, the board must have entirely failed to provide any reasonable oversight in a “sustained and systematic fashion,” or the information reporting system on which the board relied must be deemed an “utter failure.” Historically, it has been very difficult for plaintiffs to satisfy the onerous standard established in Caremark, and cases pursuing this legal theory have often been unsuccessful. However, shareholders have recently found some success with this theory of liability and a trend of using Caremark to sue directors for failing to adequately protect against cybersecurity breaches is emerging. In 2019, the Delaware Supreme Court issued a noteworthy decision concerning the Caremark standard. Marchand v. Barnhill involved a board’s alleged failure to oversee the company’s food manufacturing and safety procedures. The company, an American ice cream manufacturer regulated by the Food and Drug Administration, conducted a product recall after a listeria outbreak connected to its products resulted in three deaths. 
The product recall and related plant shutdowns translated into a monetary loss for investors. Plaintiffs brought a Caremark action against the company’s directors, alleging that the board failed to oversee the company’s food safety procedures. On appeal, the Court reversed the Chancery Court’s dismissal of the Caremark claim and allowed the case to proceed against the directors. The key allegations that the Court focused on in its decision to allow the claim to proceed included: (1) the non-existence of a board committee that addressed food safety; (2) the lack of reports and/or procedures requiring management to keep the board apprised of food safety compliance practices; (3) lack of evidence that “red” or “yellow” flags related to the outbreak and contained in management reports were disclosed to the board; (4) the fact that the board was presented with favorable information about food safety but not advised of negative reports that existed; and (5) board meetings lacked any regular discussions of food safety issues. The Marchand decision marked a milestone in the progression of Caremark claims and provided a roadmap for plaintiffs to satisfy the high standard for such claims. Since the decision in Marchand, shareholder-plaintiffs’ Caremark claims have prevailed at the motion to dismiss in several additional cases, including In re Boeing Co. Derivative Litig. Relying on the rationale in Marchand, the Delaware Court of Chancery allowed a Caremark claim to proceed against Boeing’s directors, holding that the shareholder-plaintiffs adequately pled that the directors failed to adequately oversee Boeing’s airplane safety, which was “essential and mission critical” to the company’s business. The factors that the Court considered in Marchand and Boeing are readily applicable to the cybersecurity context.


Billion-Dollar Logistics Giant Expeditors Struggling to Recover from Cyber Attack

Permalink - Posted on 2022-02-22 19:00

Logistics and freight forwarding giant Expeditors International announced a cyberattack on Sunday that crippled some of their operating systems and continues to slow their operations around the globe. The company did not say whether it was a ransomware attack and did not respond to requests for comment. On Sunday, they said systems may be unavailable as they try to secure their system, noting that "backup procedures are being implemented." Another update was released on Monday explaining that the company's global operations were still being affected by the attack. Expeditors said it was working through its crisis management and business continuity response plans but was still struggling to recover.


One Year Later, Minimally Invasive Surgery of Hawaii Notifies Patients of Ransomware Incident

Permalink - Posted on 2022-02-22 18:00

It appeared that this was a ransomware incident. It is not clear from the notice who the attackers were and whether any ransom was paid to get a decryption key. OAH states that HHS has been notified, but their notice has not yet shown up on HHS’s public breach tool. Information involved: full name, address, date of birth, medical treatment and diagnosis information, health insurance information, and for a limited number of individuals, Social Security number.


Sea Mar Community Health Centers Facing Class Action Lawsuit Over 688,000-Record Data Breach

Permalink - Posted on 2022-02-22 18:00

Seattle, WA-based Sea Mar Community Health Centers is facing a class action lawsuit over a cyberattack in which the protected health information of 688,000 individuals was compromised. The breach came to light in June 2021 when files stolen in the attack were posted on the Marketo dark web leak site. Databreaches.net spotted the leaked data on the Marketo data leak site in June 2021 and contacted Sea Mar. In October 2021, Sea Mar sent notification letters to affected individuals and explained that the hackers gained access to its network between December 2020 and March 2021 and exfiltrated sensitive data including names, addresses, Social Security numbers, dates of birth, and health information. The data breach was reported to the HHS’ Office for Civil Rights the same month as affecting 688,000 current and former patients. Affected individuals were offered complimentary credit monitoring and identity theft protection services for 12 months. According to Databreaches.net, the threat group behind the attack claimed to have stolen 3TB of data from Sea Mar. There may also have been a further disclosure of the stolen data by a threat group known as Snatch Team. Databreaches.net found multiple references to Sea Mar in a 22TB set of data, as did a researcher at Intel. In addition to being posted on dark web leak sites, Databreaches.net said the stolen data had also been posted on at least two clear net leak sites – those operated by Marketo and Snatch Team. The latest lawsuit – Hall v. Sea Mar Community Health Centers – was filed in Washington state superior court on behalf of former Sea Mar patient Alan Hall and “more than 650,000” others affected by the data breach. 
The lawsuit alleges Sea Mar was negligent for failing to implement adequate and reasonable cybersecurity procedures and protocols to protect patient and employee information and maintained sensitive patient data “in a reckless manner.” Sea Mar is alleged to have failed to disclose it did not have adequately robust computer systems and security practices and was not properly monitoring its network for intrusions, which allowed the threat actors to access its systems for four months. The lawsuit also alleges Sea Mar delayed issuing breach notifications, which were sent around 10 months after the initial intrusion and 4 months after the data breach was discovered. The lawsuit alleges the plaintiff and class members are exposed to a present and imminent risk of fraud and identity theft because their sensitive data is in the hands of data thieves and has been made available to other cybercriminals through the leaking of the data on the dark web. The plaintiffs and class members are alleged to have suffered injury and ascertainable losses due to the threat of fraud and identity theft, loss of the benefit of their bargain, out-of-pocket expenses, the value of their time spent mitigating the effects of the cyberattack and data breach, and loss of value of their personal information.


NFT Investors Lose $1.7 Million in OpenSea Phishing Attack

Permalink - Posted on 2022-02-22 18:00

Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. (NFTs are digital tokens on the blockchain that represent ownership over virtual assets, such as digital drawings or music.) “Panic erupted” wrote Molly White, who runs the blog Web3 is Going Great, because “many others feared the same could happen to them.” Speculation abounded that a glitch might have arisen from OpenSea’s smart contract – i.e., the software that the platform runs on – or perhaps from a widely disseminated token airdrop carried out by a knockoff NFT marketplace called X2Y2. The real cause was much more interesting. About an hour and a half after the NFTs went missing, OpenSea tweeted that, in fact, the phenomenon appeared “to be a phishing attack originating outside of OpenSea’s website.”


Meyer Breach Impacts U.S. Employees' Personal Information

Permalink - Posted on 2022-02-22 18:00

Cookware giant Meyer has revealed a data breach that impacted an undisclosed number of employees. The firm, which is the largest distributor of cookware in the US, revealed the incident in a notification letter to employees posted to the website of the California attorney general’s office. It notes that the attack happened at the end of October 2021, but it wasn’t until December 1 that an investigation revealed employee data might have been taken. The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; permanent resident card and information regarding immigration status; and information regarding your dependents (including Social Security numbers),


91% of U.K. Organizations Compromised by an Email Phishing Attack in 2021

Permalink - Posted on 2022-02-22 18:00

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report. The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020. Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.


Luxury Children's Fashion E-commerce Site Exposes Customers Worldwide

Permalink - Posted on 2022-02-22 18:00

The SafetyDetectives security team discovered a data breach affecting the French children’s fashion e-commerce website melijoe.com. Melijoe is a high-end children’s fashion retailer based in France. An Amazon S3 bucket owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers. Altogether, melijoe.com’s misconfigured Amazon S3 bucket has exposed almost 2 million files, totaling around 200 GB of data. A few files on the bucket exposed hundreds of thousands of logs containing the sensitive data and personally identifiable information (PII) of Melijoe’s customers. These files contained different data sets: Preferences, wishlists, and purchases. There were other file types on the bucket, too, including shipping labels and some data related to melijoe.com’s product inventory.


83% of Employees Continue Accessing Old Employer's Accounts

Permalink - Posted on 2022-02-21 19:00

In a recent study, Beyond Identity gathered responses from former employees across the United States, the United Kingdom, and Ireland and found 83% of employees admitted to maintaining continued access to accounts from a previous employer. The cybersecurity threat this poses is coupled with the fact that 56% of these employees said they had used this continued digital access with the specific intent of harming their former employer. Ongoing access to sensitive information paired with frequently malicious intent spelled disaster for these former employers. When the survey turned to focus specifically on responses from managers and business leaders, 74% admitted their company had been negatively impacted by a former employee breaching their cybersecurity. The most common hacks and infractions included logging into corporate social media (36%), looking through company emails (32%), and taking company files and documents (31%). More than one in four former employees even went so far as to log in to the back end of the company’s website.


QRS Data Breach Exposed Psych Care Consultants Patient Information

Permalink - Posted on 2022-02-18 20:00

This incident was reported to HHS as impacting 319,788 patients. We would subsequently learn that one of QRS’s clients was Psych Care Consultants (PCC), whose external counsel first notified the New Hampshire Attorney General’s Office on December 29, 2021. By then, however, QRS data was also allegedly available on the dark web and clear net by threat actors who call themselves “Snatch Team.” Whether they had all of QRS’s data or just some of it is not known to this site, but the fact that some of QRS’s data was leaked to put pressure on the vendor to pay ransom suggests that other data held by QRS may also find its way on to the dark web or clear net. The suit argues that PCC failed to “exercise due care” in overseeing QRS’s handling of its patients’ private information and ensure that the vendor employed reasonable data security standards, such as deleting inactive records. According to the suit, although QRS claims to have notified PCC of the data breach within 10 days of its discovery, PCC failed to provide notice to patients.


Bible Fellowship Church Homes Notifies Residents of Data Security Incident

Permalink - Posted on 2022-02-18 20:00

Bible Fellowship Church Homes, Inc., dba Fellowship Community ("Fellowship Community"), a faith-based continuing care retirement community located in Pennsylvania, has learned of a data security incident that may have involved personal and protected health information belonging to certain current and former Fellowship Community residents. Fellowship Community has sent notification of this incident to potentially affected individuals and provided resources to assist them. On August 6, 2021, Fellowship Community became aware of unusual activity within its network environment. Upon discovering this activity, Fellowship Community immediately took steps to secure its environment and launched a thorough investigation with the assistance of digital forensics experts. The investigation determined that certain Fellowship Community data may have been accessed or acquired without authorization on July 31, 2021. Fellowship Community thereafter began a thorough review of the potentially affected data. This review concluded on February 1, 2022, and revealed that some individuals' personal and protected health information may have been contained therein. Fellowship Community thereafter worked diligently to gather up-to-date contact information needed to notify all potentially affected individuals.


Dad Takes Down Town's Internet by Mistake to Get His Kids Offline

Permalink - Posted on 2022-02-18 20:00

A French dad faces jail time and a hefty fine after using a signal jammer to prevent his kids from going online and taking the rest of a nearby town down with them. Starting at midnight and until 3 AM every day of the week, the French town of Messanges found that their cellular and Internet service were no longer working. After a mobile carrier reported the issue to the Agence nationale des fréquences (ANFR), a public agency responsible for managing the radioelectric spectrum in France, it was determined that a signal jammer was being used to block radio frequencies in the town.


New York Fertility Clinic Hit with Ransomware

Permalink - Posted on 2022-02-17 18:00

A fertility clinic based in New York City is notifying patients that their personal data may have been compromised and possibly stolen during a recent cyber-attack. Extend Fertility, specializing in IVF and freezing eggs and embryos, was hit with ransomware in December 2021. The clinic hired third-party digital forensic specialists to determine the incident's nature and scope. A month-long investigation into the attack found that cyber-criminals had access to servers on which the protected health information (PHI) and personal data of some of the clinic's patients was stored. Information potentially compromised in the security incident includes first and last name, gender, home address, phone number, email address, and date of birth, medical history, diagnosis and treatment information, dates of service, lab test results, prescription information, provider name, medical account number and financial information. The full extent of the attack has not yet been gauged as the data analysis is ongoing. However, the clinic has begun informing individuals whose data may have been viewed and/or obtained.


Over 620 Million Ransomware Attacks Detected in 2021

Permalink - Posted on 2022-02-17 18:00

Corporate IT teams were faced with a triple-digit (105%) growth in ransomware attacks last year to over 623 million, according to SonicWall. The security vendor’s newly published 2022 SonicWall Cyber Threat Report was compiled with analysis from one million security sensors in nearly 215 countries, as well as third-party sources. Nearly all monitored threats, including IoT malware, encrypted threats and cryptojacking, rose year-on-year in 2021. However, the rise of ransomware has been particularly meteoric, surging 232% since 2019, with detections up nearly 319 million on 2020 figures. Alongside an 1885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%) also experienced a surge in ransomware threats. SonicWall said it also identified a total of 442,151 never-before-seen malware variants in 2021, a 65% year-on-year increase and an average of 1211 per day. Encrypted threats – malicious attacks hidden in HTTPS traffic – increased 167% in 2020, reaching 2.5 million by the end of the year. Cryptojacking attacks rose 19% globally to a record high of 97.1 million, while IoT malware detections increased 6% to 60.1 million over the year, according to SonicWall. Interestingly, the vendor also saw a rapid and significant impact from Log4Shell exploitation. Threat actors logged 142 million exploit attempts between December 11 and January 31, amounting to 2.7 million per day.


Hackers Had Access to Red Cross Network for 70 Days

Permalink - Posted on 2022-02-17 18:00

One month after disclosing a data breach that affected roughly 515,000 people, the International Committee of the Red Cross (ICRC) announced that the hackers had access to its network for 70 days before the attack was discovered. The attackers gained access to the Red Cross network on November 9, 2021, by exploiting CVE-2021-40539, a critical-severity authentication bypass flaw in Zoho’s ManageEngine ADSelfService Plus, ICRC explains in an updated FAQ.


LinkedIn Phishing Scams Increase 232% Since February 1st of This Year

Permalink - Posted on 2022-02-17 18:00

Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February, according to cybersecurity firm Egress. The company released a report about cybercriminals using display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links in Outlook 365 and then entering their credentials into fraudulent websites. In a statement to ZDNet, a LinkedIn spokesperson urged users to go to their Help Center for help with identifying phishing messages.


Maryland: Baltimore Conned Out of $375,000 in Cyber Scam

Permalink - Posted on 2022-02-17 00:00

A new report by the Office of the Inspector General (OIG) has revealed that Baltimore city was tricked out of hundreds of thousands of dollars last year by a cyber-criminal posing as a vendor. The OIG launched an investigation after receiving information from Baltimore’s Bureau of Accounting and Payroll Services (BAPS) in October 2021 regarding an alleged fraudulent Electronic Funds Transfer (EFT). The alarm was raised over a contractor who had received funds from the Mayor’s Office of Children and Family Success (MOCFS). A fraudster claiming to be associated with an employee from the vendor company emailed BAPS and MOCFS twice to request a change to the vendor’s EFT remittance information. The fraudster asked for the bank details kept on file for the vendor to be updated to a different bank account at another financial institution.


Healthcare Data Breaches Impact 147,000 Illinoisans

Permalink - Posted on 2022-02-17 00:00

The protected health information (PHI) of nearly 150,000 residents of Illinois may have been exposed in data breaches at two separate healthcare organizations. South Shore Hospital (SSH) in Chicago and the Family Christian Health Center (FCHC) in Harvey, Illinois, have begun notifying Illinoisans that the security of their data may have been compromised. SSH became aware of suspicious activity on its network on December 10 2021. The hospital hired a third-party digital forensics firm to investigate the activity and activated its emergency cybersecurity protocols. The investigation determined that data belonging to some current and former hospital patients and employees may have been accessed by an unauthorized third-party. Data that may have been exposed in the attack included names, addresses, birth dates, Social Security numbers, health insurance information, diagnoses, Medicare and Medicaid information and financial information. SSH has not revealed the exact nature of the incident or stated whether any files had been exfiltrated during the attack.


PHI of 521,000 Individuals Compromised in Security Breach at Morley Companies

Permalink - Posted on 2022-02-17 00:00

Morley Companies, a Saginaw, MI-based provider of business services, has recently announced it was the victim of a cyberattack that started on August 1, 2021, that prevented access to data on its information systems. Rapid action was taken to isolate the affected systems and a leading cybersecurity firm was engaged to investigate and determine the nature and scope of the security incident. In addition to encrypting data on its systems, the attackers exfiltrated certain data from its systems. A comprehensive review was conducted of all files on its systems that could have been accessed by the attackers, and Morley Companies then started collecting contact information for those individuals to allow notification letters to be sent. Morley Companies said that process was completed in early 2022, and notification letters started to be sent to affected individuals on February 1, 2022. The forensic investigation confirmed the following types of information were potentially accessed and/or stolen in the cyberattack: Names, addresses, Social Security numbers, birthdates, client identification numbers, medical diagnostic and treatment information, and health insurance information.


15,000 Patients Affected by Philadelphia FIGHT Community Health Centers Cyber Attack

Permalink - Posted on 2022-02-17 00:00

Philadelphia FIGHT Community Health Centers has recently announced it was the victim of a cyberattack on November 30, 2021. Third-party forensic investigators were engaged to determine the nature and scope of the breach. The investigation confirmed its electronic medical record system and other clinical systems were not compromised in the attack; however, on January 13, 2022, Philadelphia FIGHT discovered the attacker had accessed non-clinical systems that housed files containing the protected health information of around 15,000 patients. It was not possible to determine if the attacker viewed or obtained any patient information, although no reports have been received that suggest any patient information has been misused. The information potentially compromised in the attack included names, dates of birth, Social Security numbers, medical diagnoses, treatment information, and health insurance information.


Canada: Saskatchewan Health Authority Outs Employees Who Were Part of COVID Testing Program

Permalink - Posted on 2022-02-17 00:00

About 200 Saskatchewan Health Authority (SHA) employees were accidentally identified by name in an email as participants of the organization's now-scrapped mandatory testing program. The SHA ended its vaccine and testing mandate Monday. Before that, its approximately 44,000 employees had to provide proof of vaccination or enroll in a mandatory testing program at their own cost. Employees had to test three times a week. The program cost them $225 per month, according to the "Monitored Testing Program Handbook" sent to staff in November. CBC News obtained a copy of the email the program sent on Feb. 11. It disclosed that employees were participants of the testing program and informed them that the program was ending, with all payroll deductions stopped. The email was sent to employees in alphabetical groups by their first names. One group had 104 employees, while another had 98. The SHA confirmed to CBC that about 200 health-care workers were affected. About an hour-and-a-half later, another email was sent to employees saying recipient names were "inadvertently added to the CC (carbon copy) field, instead of the BCC (blind carbon copy) field."


Arizona: La Posada Notifies Current and Former Employees of Malware Incident

Permalink - Posted on 2022-02-17 00:00

On December 10, 2021, certain La Posada IT systems became infected with a software virus that prohibited access to some files and email. Upon discovery, La Posada notified law enforcement and began an investigation, which includes working with third-party forensic investigators, to determine the full nature and scope of the incident, and to secure the La Posada network. That investigation determined that there may have been unauthorized access to certain information. The potentially accessed information varies by individual, but may include first and last name, date of birth, driver’s license, Social Security number, direct deposit information, passport number, Drug and/or TB test results, information associated with explanation of benefits, self-funded medical plan participants, Member ID numbers, and COVID Vaccine cards.


CaptureRx Proposes $4.75 Million Settlement to End Data Breach Litigation

Permalink - Posted on 2022-02-15 20:00

CaptureRx is a healthcare administrative service provider that helps hospitals manage their 340B drug discount programs. On February 6, 2021, CaptureRx discovered unauthorized individuals had gained access to its network and used ransomware to encrypt its files. On March 19, 2021, CaptureRx determined files containing patient data had been compromised, and affected clients started to be notified on March 30, 2021. CaptureRx publicly announced the data breach but did not initially disclose how many individuals had been affected. The breach was reported to the HHS’ Office for Civil Rights in May 2021 by CaptureRx as affecting 1,656,569 individuals, although several of its healthcare provider clients reported the breach themselves. Several class action lawsuits were proposed that alleged CaptureRx was negligent for failing to implement and maintain appropriate safeguards to protect patient data and other claims. CaptureRx took the decision to propose a settlement to resolve all claims associated with the data breach to avoid further legal costs. Christopher Hotchkiss, CEO of NEC Networks, CaptureRx’s parent company, said CaptureRx is facing multiple claims for indemnity from its customers, which has placed a considerable financial strain on the company. Hotchkiss said CaptureRx is not a large national or multinational company and has limited resources. The settlement was proposed to end the litigation to avoid further legal costs. Hotchkiss said if the settlement is not finalized, CaptureRx may be forced into filing for bankruptcy. “By settling now, the settlement class can take advantage of remedies that would be unavailable or worth substantially less by the time of a litigated final judgment,” said legal counsel for CaptureRx in the court filing.


Meta Agrees to Pay $90 Million Settlement in Decade-Old Facebook Privacy Suit

Permalink - Posted on 2022-02-15 20:00

The legal fight was caused by Facebook's use of cookies and a proprietary browser plug-in in 2010 and 2011 to track users after they had completely logged off the social network. Although users had to agree to being tracked while they were logged into Facebook, that tracking was supposed to end upon logout, according to the end-user licensing agreement. It did not. The settlement to the privacy-focused suit is now being considered by the US District Court for the Northern District of California, which will need to approve the agreement. The case has been simmering for nearly a decade thanks to a series of appeals from both sides, with Facebook having won out in several previous hearings. However, in 2020, the 9th Circuit Court ruled against the social network. This decision, followed by the US Supreme Court declining to hear the case, likely prompted its decision to finally settle the matter.


Internet Society Data Leak Exposed 80,000 Members' Login Details

Permalink - Posted on 2022-02-15 20:00

The Internet Society (ISOC), a non-profit dedicated to keeping the internet open and secure, has blamed the inadvertent exposure of its 80,000-plus members’ personal data on a third-party vendor. The data, which was publicly accessible on an unprotected Microsoft Azure cloud repository, comprised millions of JSON files including, among other things, full names, email and mailing addresses, and login details.


South Shore Hospital Network Hack Impacts Data of 116,000 Patients

Permalink - Posted on 2022-02-15 20:00

South Shore Hospital in Chicago recently notified 115,670 current and former patients and employees that their data was affected after a hack of the nonprofit’s network in early December. On Dec. 10, 2021, SSH discovered suspicious activity on its network and “activated its emergency operating protocols to continue providing safe patient- and family-centered care.” While the incident sounds like a ransomware attack, the notice provides no further details into the hack.


National Math and Science Initiative Notifies More Than 190,000 of Data Security Incident

Permalink - Posted on 2022-02-14 18:00

The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization whose mission is to improve U.S. student performance in the subjects of science, technology, engineering, and math. According to their notification letter, on or about October 13, 2021, their AV software triggered an alert. Through the resulting investigation, NMSI determined that between September 23, 2021 and October 18, 2021, an unauthorized actor “may have had access to certain systems.” Although they claim there is no evidence of misuse, the information that could have been subject to unauthorized access includes name, address, and Social Security number. The notification, sent to 191,255 people, does not indicate whether all of those potentially affected are students, teachers, employees or contractors.


Data Breach at Morley Companies

Permalink - Posted on 2022-02-14 18:00

The personal information of 521,000 people may have been exposed in a data breach at a business services company based in Saginaw, Michigan. Cyber-criminals targeted Morley Companies last year in an attack detected on August 1, when data in the company’s care suddenly became unavailable. On Friday, Michigan attorney general Dana Nessel confirmed that “a data security incident that may have impacted data belonging to current employees, former employees and various clients” had been reported by Morley.


Australia: Sensitive Addresses Among More Than 500,000 Leaked from NSW Government Database

Permalink - Posted on 2022-02-14 18:00

New South Wales Premier Dominic Perrottet has admitted the leak of more than 500,000 addresses, including Defence sites, a missile maintenance unit and domestic violence shelters through a government website "shouldn't have happened". The hundreds of thousands of locations were collected by the NSW Customer Services Department through its QR code registration system and made public through a government website. The locations, seen in a dataset obtained by 9News, were businesses or organisations which registered as wanting to comply by COVID-Safe directions.


Sports Brand Mizuno Hit with Ransomware Attack Delaying Orders

Permalink - Posted on 2022-02-14 18:00

Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack. Sources who spoke to BleepingComputer on the condition of anonymity said that Mizuno suffered a ransomware attack over the weekend of February 4th, targeting the USA corporate network. This cyberattack led to significant business disruption, including phone outages, delays in shipping products, and website issues.


San Francisco 49ers Confirm Ransomware Attack

Permalink - Posted on 2022-02-14 18:00

The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record. It is unclear how the current attack will impact the team’s plan for the next NFL season/year, which will start later this month with the free agency signing period, NFL Combine event, and subsequent NFL Draft.


Europe's Biggest Car Dealer Hit with Ransomware Attack

Permalink - Posted on 2022-02-11 20:00

One of Europe's biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. The Swiss company showed up on the list of victims for the Hive ransomware on February 1 and confirmed that they were attacked in January. "We have restored and restarted our commercial activity already days after the incident on January 11, 2022," a spokesperson said, declining to answer more questions about whether customer information was accessed.


Hong Kong: Harbour Plaza Hotel Customers Warned Over Data Leak

Permalink - Posted on 2022-02-11 20:00

More than a million customers of the Harbour Plaza Hotel group are being advised to be on their guard for possible scams after its booking database came under a cyber attack. Privacy Commissioner Ada Chung said on Friday that she's probing the data leak involving 1.2 million customers, after receiving a report from the company on Wednesday. Chung said her office is seeking to find out from the firm what type of personal data was involved in the incident.


Canada: Military Sexual Misconduct Settlement Hit by Privacy Breach

Permalink - Posted on 2022-02-11 20:00

The company administering the federal government’s $900-million settlement deal with Armed Forces members and veterans who experienced sexual misconduct while in uniform has inadvertently released private information about dozens of claimants. Epiq Class Action Services Canada confirmed the privacy breach on Wednesday, after a veteran said she had received an e-mail last week containing letters intended for more than 40 other people. Retired master corporal Amy Green said she was shocked when she discovered she had been sent names, e-mail addresses and claim numbers, which she said is enough information to access certain parts of a claimant’s file.


Inmediata Agrees to Settle Class Action Lawsuit for $1.125 Million

Permalink - Posted on 2022-02-11 20:00

Inmediata, a provider of clearinghouse services and business process software, has agreed to settle a class action lawsuit filed by victims of its 2019 security breach that exposed the protected health information of more than 1.56 million individuals. In January 2019, Inmediata discovered a misconfiguration on its website resulted in internal web pages containing electronic protected health information (ePHI) being accessible over the Internet. The web pages were indexed by the search engines and could be found in the search engine listings. The exposed information was mostly limited to names, addresses, dates of birth, gender, and medical claim information. A small percentage of individuals also had their Social Security numbers exposed. When sending notification letters to affected individuals, errors were made by its mailing vendor that resulted in letters being sent to incorrect individuals. Some individuals reported receiving multiple notification letters, with some containing the names of other patients. The notification letters were sent in April 2019, three months after the data breach was discovered. Inmediata’s investigation found no evidence to suggest any information on the web pages had been viewed or copied by unauthorized individuals, but it was not possible to rule out unauthorized ePHI access. In April 2019, a class action lawsuit – Jessie Seranno et al. v. Inmediata Corp. and Inmediata Health Group Corp – was filed on behalf of victims of the breach that alleged Inmediata had failed to implement appropriate information security measures to keep individuals’ protected health information private and confidential, and also unnecessarily delayed issuing breach notification letters.


Marketing Firm Exposes Lead Data

Permalink - Posted on 2022-02-11 20:00

Security researchers at Website Planet have discovered an unsecured Amazon S3 bucket containing the Personal Identifiable Information (PII) of millions of people. Inside the bucket were ten folders, containing around 6,000 files and totaling over 1GB of data. While most (approximately 99%) of the data belongs to American residents, some information relates to people living in Canada. In a blog post detailing the security failure, researchers claim that the unsecured bucket is the property of Beetle Eye–a marketing and CRM company which is based in Sarasota, Florida.


Half of Global Emails Were Spam in 2021

Permalink - Posted on 2022-02-11 20:00

Nearly half of emails destined for inboxes in 2021 were classed as spam, with Russia the biggest culprit, according to Kaspersky. In its new Spam and Phishing in 2021 report, the Russian AV company revealed that it detected spam rates at an average of 46% over the year, peaking at 48% in June. Most of it came from machines in Russia (25%), followed by Germany (14%), the US (10%) and China (9%). The vendor said it blocked over 148 million malicious email attachments in 2021, with credential-stealing Trojans from the Agensla family the most common type, accounting for 9% of the total. Kaspersky’s anti-phishing technology blocked over 253 million phishing attempts during the year, and the firm claimed that 8% of global users faced at least one such attack. Brazilian (12%), French (12%) and Portuguese (11%) users were the most frequently targeted by attackers. Most commonly spoofed in phishing attacks were online stores (18%), internet portals (17%) and payment systems (13%). WhatsApp accounted for the vast majority (90%) of phishing messages detected in 2021, followed by Telegram and Viber (both 5%). Kaspersky claimed to have blocked a total of 342,000 such attempts.


DDoS Attacks Hit All-Time High

Permalink - Posted on 2022-02-11 20:00

The number of distributed denial of service (DDoS) attacks recorded per quarter by cybersecurity company Kaspersky reached an all-time high in the final three months of 2021. According to the company’s DDoS attacks in Q4 2021 Report, the total number of DDoS attacks that occurred in Q4 was 4.65 times higher compared with the same period in 2020 and showed an increase of 52% over Q3 2021. Q4 2021 also saw the emergence of several new DDoS botnets, including a zombie network named Abcbot. Most of the DDoS attacks in Q4 were reported in the United States (43.55%), China (9.96%) and Hong Kong (8.8%). Germany suffered 4.85% of the attacks, while France suffered 3.75%. Alexander Gutnikov, a security expert at Kaspersky, said that while the last three months of any year are generally a peak period for DDoS attacks because of the holidays and their associated online retail sales, 2021’s DDoS attack threat landscape was exceptional.


Feds Oppose Immediate Release of Voting Machine Report

Permalink - Posted on 2022-02-11 16:00

A federal cybersecurity agency is reviewing a report that alleges security vulnerabilities in voting machines used by Georgia and other states and says the document shouldn’t be made public until the agency has had time to assess and mitigate potential risks. The report has been under seal since July in federal court in Atlanta, part of a long-running lawsuit challenging Georgia’s voting machines. Its author, J. Alex Halderman, said in sworn declarations filed publicly with the court that he examined the Dominion Voting Systems machines for 12 weeks and identified “multiple severe security flaws” that would allow bad actors to install malicious software. Plaintiffs in the case, who are election security advocates and individual voters, have for months called for the release of a redacted version of the report and urged that it be shared with state and federal election security officials. Lawyers for the state had repeatedly objected to those requests, but Secretary of State Brad Raffensperger last month put out a news release calling for its release.


Google Drive Accounted for 50% of Malicious Office Document Downloads

Permalink - Posted on 2022-02-11 16:00

A new report published by Atlas VPN has revealed startling new details about how widely used platforms like Google and Microsoft are exploited by attackers to spread malware. The most surprising finding from Atlas VPN’s team is that in 2021 around 50% of malicious Microsoft Office documents out of all malware were downloaded from Google Drive, and 37% of all malware downloads on the platform were malicious office documents. It is worth noting that Google Drive surpassed Microsoft OneDrive in terms of popularity in 2020, which caused 34% of all malicious office document download apps from this platform in 2020. The research further revealed that MS OneDrive represented 19% of all malicious Office document downloads, while MS Sharepoint ranked third as users used it to download 15% of all malicious Office documents containing malware. Google’s Gmail accounted for 4% of malicious office document downloads, and Box was used for 3% of office documents embedded with malware. In the first quarter of 2020, out of all downloaded malware, the percentage of malicious office documents was 19%. This number increased to 46% in quarter two, while in quarter three and four of 2020, the percentage declines to 36% and 29%, respectively. At the start of 2021, this percentage reached 43%, and by quarter four of 2021, the rate dropped to 37%.


Cyber Attack Disrupts Slovenia's top TV Station

Permalink - Posted on 2022-02-11 16:00

A cyber-attack has disrupted the operations of Pop TV, Slovenia’s most popular TV channel, in an incident this week believed to be an extortion attempt. The attack, which took place on Tuesday, impacted Pop TV’s computer network and prevented the company from showing any computer graphics for the evening edition of 24UR, the station’s daily news show. The night edition of the same show was canceled altogether, although a truncated version of the news aired on the company’s website, Pop TV said in a statement on Tuesday, the day of the attack. But while news broadcasts were restored by the next day, the attack also impacted other parts of the network’s operation. In a second statement on Wednesday, Pop TV said the attack also hit some of its web servers, including VOYO, an on-demand streaming platform that offers channels from its parent company, along with licensed movies and TV series. The company said the attack prevented its staff from adding new content to the platform and streaming any of its channels and live sporting events, such as the Winter Olympics, which angered many of its paid subscribers.


U.K. ICO Hit by 2,650% Rise in Email Attacks

Permalink - Posted on 2022-02-10 16:00

The UK’s Information Commissioner’s Office (ICO) experienced an astonishing 2650% increase in email attacks during 2021, according to official figures obtained by the Parliament Street think tank following a Freedom of Information request. The figures revealed that email attacks targeting the UK’s privacy and data protection regulator surged from 150,317 in January to an incredible 4,135,075 in December. The data relates to the volume of phishing emails detected, malware detected and blocked and spam detected and blocked by the ICO for each month last year. Spam emails represented the majority of the attacks, with cases surging by 2775% from January to December. Phishing emails also increased significantly during this period, by 20%, while malware soared by 423%. The data showed a particularly large spike in email attacks in December, with 4,125,992 spam messages, 7886 phishing emails and 1197 malware instances. This surge is thought to be linked to the rapid spread of the Omicron variant in the UK at the end of last year, with threat actors able to leverage topics like testing and vaccines as a lure. This is in addition to Christmas scams in the build-up to the holiday period.


Florida: Ransomware Group Claims to Have Stolen Data on 260,000 Patients

Permalink - Posted on 2022-02-10 16:00

Covered entities in the medical sector continue to be an attractive target for ransomware groups, and earlier this week, Avos Locker added Jax Spine and Pain Centers (“JAX”) to their leak site. JAX has seven locations in North Florida and south Georgia. According to the threat actors’ listing on their dark web site, “We have the full EHR (Electronic Medical Records) database for 262,000 patients! We are publishing list only for first 100 patients as proof.” DataBreaches.net examined the .csv file with 100 records and found that it contained what appeared to be older data (circa 2012-2017) with demographic information fields that included patients’ first and last names with middle initial, postal address with zip code, email address, home and work phone numbers, date of birth, Social Security numbers, and some information on payment guarantor and provider. Patient ID numbers were also incorporated. The 100 records did not represent 100 unique patients, as there were multiple records for some of the names and Patient ID numbers.


One Year After It Started, LendUs Discloses That They Had a Breach

Permalink - Posted on 2022-02-10 16:00

LendUS completed an investigation into unauthorized access to some LendUS employee email accounts. Upon first learning of the activity, LendUS immediately took steps to secure the email accounts and began an investigation with the assistance of a cybersecurity firm. The investigation determined that an unauthorized person accessed certain accounts at various times between February 2, 2021 and March 22, 2021. The investigation was not able to determine whether any emails or attachments in the accounts were accessed or downloaded by the unauthorized individual. Out of an abundance of caution, LendUS reviewed the emails and attachments that could have been accessed or downloaded. On December 21, 2021, LendUS determined that certain emails or attachments contained certain information, including names accompanied by one or more of the following: Social Security numbers; driver’s license numbers; financial and payment card account information; passport numbers; tax identification numbers; medical and health insurance information; and online account credentials. This information relates to certain LendUS employees and customers.


2021 Was the Most Prolific Year on Record for Data Breaches

Permalink - Posted on 2022-02-10 16:00

Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States. The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector. The majority of sensitive data breaches were executed by external actors, accounting for 93 percent of total incidents. Targeted cyberattacks were the primary way external actors gained unauthorized access to personal data in 2021. External actors carried out more than 1,440 cyberattacks (89 percent of all sensitive data incidents), capturing the personal information of 148 million people.


Romance Fraud Losses Increased by 91% During COVID-19

Permalink - Posted on 2022-02-09 16:00

Romance fraud losses surged by 91% during COVID-19 compared to pre-pandemic levels, according to new research from TSB. The bank said it had observed cases of romance fraud double in the pandemic as a result of the shift to online dating amid social distance restrictions. It also found that the average financial loss per victim over this period was an eye-watering £6100. Interactions that originated on Facebook accounted for the highest number of fraud cases, at 35%. This was followed by the dating sites Tinder (24%), Plenty of Fish (21%) and Match.com (9%). TSB also calculated the length of these virtual ‘relationships’ by analyzing its own data relating to victims' first and last payments to fraudsters. These lasted for an average of 62 days, with the longest one spanning nearly three years. In almost a third (32%) of cases, victims transferred money to the fraudsters for periods lasting over two weeks before realizing the scam. In 27% of cases, payments lasted over a month, and 11% continued over half a year. Interestingly, women made up two-thirds (66%) of TSB’s cases and suffered significantly higher financial losses on average than men (£6300 vs. £4600). While all age groups were shown to be vulnerable to this type of fraud, the average age of the victims was 47.


Georgia Voter Data Posted Online After Breach of Software Company

Permalink - Posted on 2022-02-09 16:00

A data breach of the voting software company EasyVote Solutions exposed Georgia voters’ registration information on the internet, the company confirmed Tuesday. The company, based in Woodstock, provides software that streamlines voter check-ins during early voting in dozens of counties across Georgia, including Fulton, Oconee and Paulding counties. The software uses local voter registration to print out filled-in election applications for voters when they arrive at the polls, instead of requiring voters to complete paperwork by hand. Voter information may have been obtained from an EasyVote online storage location, Davis said. It’s unclear how many voters were affected by the breach, which EasyVote learned about on Jan. 31.


California: East Bay Community College Data Breached in Ransomware Attack

Permalink - Posted on 2022-02-09 16:00

Ohlone College was hacked in late January and the private information of some current and former students, staff and faculty was compromised, including Social Security and bank account numbers, according to school officials. The community college said in a Feb. 4 notice on its website and letters sent to students it had determined “that certain information on the network was accessed by an outside party” through a hacking incident on Jan. 20. In addition to Social Security numbers, information that was breached included U.S. registration numbers for noncitizens, driver’s license numbers, bank account numbers, medical information, health insurance information, student ID numbers, race or ethnicity information, class lists and schedules, disciplinary files, grades and transcripts, according to the college. Ohlone spokesperson Jennifer Marquez said Tuesday the college may not be able to determine what specific information was hacked from each person and how many people were victimized.


Cyber Attack Brings Down Vodafone Portugal Mobile, Voice, and TV Services

Permalink - Posted on 2022-02-08 16:00

Vodafone Portugal said today that a large chunk of its customer data services went offline overnight following “a deliberate and malicious cyberattack intended to cause damage and disruption.” The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS, and voice/digital answering services are still offline following the attack.


Equifax Finalizes Data Breach Settlement with U.S. Regulators

Permalink - Posted on 2022-02-08 16:00

Credit reference agency Equifax has finalized a settlement for a 2017 data breach that affected more than 147 million US citizens and 15 million Brits. Equifax first admitted the massive breach in September 2017. Names, Social Security numbers, birth dates, addresses as well as driver’s license details of more than 10 million individuals were exposed after attackers used a known vulnerability to break into Equifax’s databases. The breach exposed the credit card data of a smaller subset of around 209,000 victims. An estimated 15 million British citizens were affected by the incident, of which 694,000 had sensitive data exposed. A smaller number of Canadians were also affected.


Puma Hit by Data Breach After Kronos Ransomware Attack

Permalink - Posted on 2022-02-08 16:00

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data. Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping.


More Than Half of Canadian Ransomware Victims Paid the Ransom Demands in 2021

Permalink - Posted on 2022-02-07 15:00

Canadian IT company, NOVIPRO, today unveiled its sixth annual IT Portrait of Canadian Businesses in collaboration with Leger, which revealed the deep vulnerability of Canadian companies to computer attacks. The study reveals that more than half (56%) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these, one of three companies (33%) retained the services of a negotiator, while 23% proceeded without the help of an intermediary.


Microsoft Says Security Threats Are Rising But Companies Are Still Ignoring Strong Authentication

Permalink - Posted on 2022-02-07 15:00

Almost every compromised Microsoft account lacks multi-factor authentication, but few organizations enable it even though it's available, according to Microsoft. In the tech giant's new Cyber Signals report, the company says that just 22% of customers that use its cloud-based identity platform Azure Active Directory (AAD) had implemented "strong identity authentication" as of December 2021, which includes multi-factor authentication (MFA) and passwordless solutions, such as the Microsoft Authenticator app. One potential technical obstacle is that some organizations still have Office 365 "basic authentication" enabled, which doesn't support MFA. Microsoft's "modern authentication" enables MFA. Microsoft will disable basic authentication by default in October 2022 and would have done so last year were it not for the pandemic's demands on remote access for employees. The Cyber Signals report also highlights the scale of the onslaught on account identities. Microsoft says it blocked tens of billions of phishing attempts and automated password-guessing attacks, such as password spraying, last year. The attacks were from state-sponsored actors, such as Nobelium, the group behind the SolarWinds software supply chain attack, and ransomware affiliates.


Crypto Firm Meter Loses $4.4 Million in Cyber Heist

Permalink - Posted on 2022-02-07 15:00

Yet another cryptocurrency firm has been hacked to the tune of millions of dollars. Meter provides decentralized finance (DeFi) infrastructure services, linking siloed blockchains for users with so-called “cross-chain bridges.” Meter admitted it lost $4.4m in the raid but said it would compensate those affected while working with the authorities to trace its attacker. Over the weekend, it revealed that an unauthorized intruder had managed to exploit a bridge vulnerability to mint a large number of Binance Coins (BNB) and wrapped Ethereum (WETH), while running down its reserves.


Breach of Washington State Database May Expose Personal Information

Permalink - Posted on 2022-02-07 15:00

The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. The agency licenses about 40 categories of businesses and professionals, from auctioneers to real estate agents, and it shut down its online platform temporarily after learning of the activity in January, agency spokesperson Christine Anthony said Friday. Data stored on the system, which is called POLARIS, could include Social Security numbers, birth dates and driver’s licenses.


Attacks Against Health Plans Up Nearly 35%

Permalink - Posted on 2022-02-07 15:00

Critical Insight announced the release of a report which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations. 2021 hit a high of 45 million individuals affected by healthcare attacks, up from 34 million in 2020. That 45 million number is triple the number of individuals impacted only three years ago (the number was 14 million in 2018). Attacks against health plans jumped nearly 35% from 2020 to 2021. And attacks against business associates, or third-party vendors, increased nearly 18% from 2020 to 2021. Fortunately, attacks against Healthcare Providers (where most breaches are historically reported) declined slightly after peaking in 2020 (down ~4%). Hacking/IT incidents continue to be the most common cause of breaches with an increase of 10% in 2021. Hacking was also responsible for the vast majority of individual records that were affected by breaches, which means those records were likely sold on the Dark Web. When we look at which segments of the healthcare ecosystem had Hacking/IT Incident type breaches, we’re now seeing outpatient/specialty clinics have more Hacking/IT Incident type breaches than hospitals. Outpatient/specialty clinics saw a 41% increase in Hacking/IT Incident type breaches in 2021 compared to 2020.


PHI of 138,000 Individuals Exposed in 3 Email Security Incidents

Permalink - Posted on 2022-02-04 16:00

Hackers have gained access to email accounts containing protected health information at Injured Workers Pharmacy, iRise Florida Spine and Joint Institute, and Volunteers of America Southwest California. Andover, MA-based Injured Workers Pharmacy has recently reported a data breach to the Maine Attorney General that was discovered on or around May 11, 2021, when suspicious activity was detected in an employee email account. The account was immediately secured and third-party computer forensics specialists were engaged to investigate the breach. The investigation revealed 7 email accounts had been compromised between January 16, 2021, and May 12, 2021. The iRise Florida Spine and Joint Institute has discovered an employee email account containing the protected health information of 61,595 patients has been accessed by an unauthorized individual. The forensic investigation revealed the email account was accessed between February 24, 2021, and February 26, 2021. The San Diego, CA-based social service organization Volunteers of America Southwest California recently announced it was the victim of a phishing attack. An employee received an email that appeared to be a voicemail message, that included a link to a website that required login credentials to be entered to listen to the message. The login credentials were captured and used to access the employee’s email account.


Several India-Based Call Centers Indicted by U.S. Dept. of Justice

Permalink - Posted on 2022-02-04 16:00

A group of India-based call centers and their directors have been indicted for their alleged role in placing scam calls aimed at defrauding US-based citizens – including impersonating banks, the Internal Revenue Service (IRS), and Social Security Administration. The superseding indictment charges Manu Chawla and Achivers A Spirit of BPO Solutions Private Limited; Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, a.k.a. Sawaran Deep Kohli, and Fintalk Global; Dinesh Manohar Sachdev and Global Enterprises; Gaje Singh Rathore and Shivaay Communication Private Limited; Sanket Modi and SM Technomine Private Limited; and Rajiv Solanki and Technomind Info Solutions of conspiring with VoIP service provider E Sampark and its director, Guarav Gupta, who was previously indicted for sending tens of millions of these scam calls to US victims. "Scam robocalls cause emotional and financial devastation to victims, particularly our vulnerable and elderly populations," said US Attorney Kurt Erskine in a statement. "These India-based call centers allegedly scared their victims and stole their money, including some victims' entire life savings." In the loan scams, victims were duped by call-center representatives into paying fees for phony loans; the reps were sometimes able to convince the victims to transfer funds and gift cards to them in more elaborate financial fraud ploys.


Business Services Firm Morley Discloses Data Breach Affecting 500,000 People

Permalink - Posted on 2022-02-04 16:00

Business services company Morley this week announced being targeted in a ransomware attack that may have resulted in the information of more than 500,000 individuals getting stolen. In letters sent to impacted individuals, Morley, which serves Fortune 500 and Global 500 companies across various industries, said the incident was discovered in August 2021, when it noticed that some files became inaccessible due to a ransomware infection. An investigation revealed that the attackers may have gained access to client and employee data, including personal and protected health information. Potentially stolen information includes name, social security number, date of birth, client identification number, health insurance information, and medical diagnostic and treatment information. The company told the Maine Attorney General that more than 521,000 individuals are impacted. The AG’s office was also informed that the breach occurred in July 2021.


News Corp Confirms Cyber Attack

Permalink - Posted on 2022-02-04 16:00

News Corp, publisher of The Wall Street Journal, said Friday that it had been hacked and had data stolen from journalists and other employees, and a cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation. Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests." It was not known when the hackers breached the network or how much data they stole.


France, Department of Seine-Saint-Denis: Ransomware Attack, Several Municipalities Involved

Permalink - Posted on 2022-02-04 16:00

In the night between 5 and 6 December last, the ransomware group Hive managed to penetrate the IT systems of the Syndicat Intercommunal d’Informatique (SII), an IT service provider based in Bobigny, a municipality of 54,000 people north of Paris. In addition to the city of Bobigny, the SII provides IT services and assistance to various other municipalities within the Department of Seine-Saint-Denis in the French region of Île-de-France. At least three other municipalities were affected by the cyber attack: Tremblay-en-France, Le Blanc-Mesnil and La Courneuve, but also the Bobigny public housing offices and the inter-municipal union for collective catering (Siresco) appear to have been affected by this attack (source: Les Echos). Currently the Siresco website is offline as well as the official one of the Municipality of Tremblay-en-France which at the moment has been “replaced” by a temporary one reachable at the


Thai Students' Data Hacked, Sold on Dark Web

Permalink - Posted on 2022-02-04 16:00

The personal information of over 23,000 students has been stolen as a result of the Thai University Central Admission System being hacked. According to a Bangkok Post report, the security breach has been confirmed by the Council of University Presidents of Thailand. It’s understood the data, which pertains to over 23,000 students who took part in last year’s exams, has been sold on the dark web. It includes names, grades, and identity card information. CUPT says the stolen data is part of 826,250 files in the TCAS database and was entered into the system during the third round of exams in May of last year. The council believes the files may have been exported by a university employee who would have access to the information in order to rank applicants in accordance with the university’s selection criteria. It has pledged to file a police complaint and take legal action against the person or persons responsible, according to the Bangkok Post.


IT Staffing Company Settles Data Breach Class Action

Permalink - Posted on 2022-02-04 16:00

Artech Information Systems settled a data breach class action this week for an incident that occurred in January 2020. Artech will pay up to $10,000 to each individual affected by the breach, based on a tiered payment system. Artech, a staffing company specializing in placement for IT staff and project services, was the victim of a ransomware attack in January 2020 that resulted in unauthorized access to confidential information concerning about 30,000 current and former employees. During the attack, the hackers opened and downloaded thousands of employee files that contained employees’ names, addresses, telephone numbers, Social Security numbers, and dates of birth. The unauthorized access occurred over a three-day period, but upon discovery, Artech was able to mitigate the attack within six hours. However, Artech did not notify its employees of the incident until several months after resolving the breach. The class alleged that Artech failed to protect their personal information through reasonable cyber security measures and failed to make prompt notification to its employees. The class further alleged that Artech’s failures increased their risk for identity theft and fraud.


Airport Services Firm Swissport Reports Ransomware Incident

Permalink - Posted on 2022-02-04 16:00

Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said its IT infrastructure was targeted by the ransomware attack. The group behind the attack was not named. A spokesperson for the National Cyber Security Centre in Switzerland told ZDNet that they are in contact with Swissport but could not provide more information. The company's website is currently down.


Companies Woefully Unprepared for CCPA Compliance

Permalink - Posted on 2022-02-03 18:00

Only 11% of companies are able to fully meet CCPA requirements, especially when managing Data Subject Access Requests (DSARs), according to CYTRIO research. The research also showed a disconnect in compliance, with 44% of companies not providing any mechanism for consumers to exercise their data rights despite stating in their privacy policies that they needed to comply with CCPA. The research found that less than 11% of companies use DSAR management automation solutions. 45% of the companies relied on inefficient and costly manual processes such as email and web forms for submitting and responding to data requests.


Home Improvement Firm Fined £200,000 for Nuisance Calls

Permalink - Posted on 2022-02-03 18:00

A Welsh home improvement firm has been fined £200,000 by the UK’s privacy watchdog after making more than half a million nuisance phone calls. Home2Sense Ltd of Lampeter made 675,478 nuisance calls between June 2020 and March 2021 to offer individuals insulation services, according to the Information Commissioner’s Office (ICO). However, these people were registered with the Telephone Preference Service (TPS), meaning they had explicitly opted out of receiving unsolicited marketing calls. According to the UK’s Privacy and Electronic Communications Regulations (PECR), it is illegal to contact anyone registered with the TPS for more than 28 days unless that person has explicitly notified the company that they do not object to receiving such calls. Among the scores of complaints made to the ICO about Home2Sense’s business practices, one distressed victim said a call center marketer asked to speak to their late mother, who had passed away a decade earlier. On other calls, the operative posed as a local surveyor and claimed the recipient might be in line for a free grant to replace their loft insulation.


Attorney General Subpoenas RIPTA, UnitedHealthcare Over Data Breach

Permalink - Posted on 2022-02-03 18:00

Attorney General Peter F. Neronha’s office has issued administrative subpoenas to the Rhode Island Public Transit Authority and UnitedHealthcare over a data breach that compromised the personal information of 22,000 people. The subpoenas, or civil investigative demand letters, say the attorney general’s office was notified on Dec. 23 of a “significant information security breach,” which had first been detected on Aug. 5. And “subsequent information” led the office to conclude “that one or more entities may have departed from industry standard information safeguards in relation to this breach,” and “in contravention of their notices of privacy practices,” the letters say.


European Oil Port Terminals Hit by Cyber Attack

Permalink - Posted on 2022-02-03 18:00

Major oil terminals in some of Western Europe's biggest ports have fallen victim to a cyberattack, sources confirmed on Thursday. Belgian prosecutors have launched an investigation into the hacking of oil facilities in the country's ports, including Antwerp, Europe's second biggest port after Rotterdam. According to a specialised broker, the alleged hacking is affecting several European ports and is disrupting the unloading of barges in an already strained oil market.


Tennessee Community College Suffers Ransomware Attack

Permalink - Posted on 2022-02-03 17:00

A Tennessee community college suffered a data security attack that may have resulted in unauthorized access to personal information of former and current students, faculty and staff, officials said. Pellissippi State Community College is sending out notifications about a ransomware attack focused mainly on encrypting school data to force a ransom payment, the Tennessee Board of Regents said in a news release Tuesday. Pellissippi State did not pay a ransom, the Knoxville college said on its website.


Market Research & Conferencing Service Civicom Exposed 8TB of Data

Permalink - Posted on 2022-02-03 17:00

A misconfigured Amazon S3 bucket belonging to Civicom was responsible for exposing thousands of audio and video recordings of the company’s clients. Users of Civicom’s “Glide Central” software are the clients primarily affected. We know this because the content of the server fits with the audio and video management software’s features, such as the Clip Key Points feature.


Online Ad Association Fined for Privacy Violation

Permalink - Posted on 2022-02-02 16:00

An association for online advertising companies has been fined hundreds of thousands of dollars for developing an ad-targeting tool that violated European Union data laws. The Belgian Data Protection Authority (BE DPA) said it was necessary to impose “harsh sanctions” on IAB Europe because the association’s Transparency and Consent Framework (TCF) “could, for a large group of citizens, lead to a loss of control over their personal data.” In a statement released October 2020, IAB Europe said that the TCF is a voluntary standard whose purpose is to assist companies in the digital advertising ecosystem to comply with EU data protection law.


33% of Employees Admit to Exfiltrating Data When Leaving Their Job

Permalink - Posted on 2022-02-02 16:00

Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian. The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organizations. In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left. The survey of 2000 UK workers also looked at employees' motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%). The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%). The research also found that 55% of workers are considering leaving their jobs in 2022, while two in five (39%) are currently working their notice or actively looking for a new job in the next six months, meaning organizations remain at high risk of data exfiltration.


CareSouth Carolina Hit with Proposed Class Action Lawsuit

Permalink - Posted on 2022-02-02 16:00

ClassActions.org reports that CareSouth Carolina has been hit with a potential class action lawsuit. The caption is Mixon v. CareSouth Carolina, Inc. § 4:22-CV-00269. The lawsuit stems from what the complaint describes as an attack against CareSouth in 2020 that was first reported to affected individuals in May, 2021. As DataBreaches.net had found at the time, the breach was reported in May, 2021 to HHS as affecting 76,035 members. Digging into the matter revealed that CareSouth Carolina was just one of Netgain Technology’s clients who had been impacted by a ransomware attack on the IT company in 2020. In its notification to patients, CareSouth claimed that it did not obtain information from Netgain as to who was impacted until April 13, 2021.


KP Snacks Hit with Ransomware Attack

Permalink - Posted on 2022-02-02 16:00

British food producer KP Snacks was hit with a ransomware attack last week. In a statement to ZDNet, the company said it discovered the ransomware attack on Friday, January 28. The company would not confirm who launched the attack, but the Conti ransomware group added KP Snacks to its victim leak site, threatening to leak information stolen from them on February 6. Better Retailing reported that store owners received messages notifying them of the ransomware attack and saying they "cannot safely process orders or dispatch goods." The note added that stores should "expect supply issues on base stock and promotions until further notice."


British Council Student Data Found in Unprotected Database

Permalink - Posted on 2022-02-01 18:00

The information of many British Council students was recently exposed online in an unprotected repository. A world-leading education institution, British Council operates in over 100 countries worldwide. In 2019 and 2020, it connected directly with roughly 80 million people, and with over 790 million overall. In early December 2021, MacKeeper and cybersecurity researcher Bob Diachenko discovered an open, unsecured Microsoft Azure blob repository with over 144,000 files (xml, json and xls/xlsx) containing personal information and login details belonging to British Council students. The blob container was indexed by a public search engine, but it’s unclear for how long the data remained accessible to the public without authentication, MacKeeper explains.


Shell Forced to Reroute Supplies After Cyber Attack on Two German Oil Companies

Permalink - Posted on 2022-02-01 18:00

Shell said on Tuesday it was re-routing oil supplies to other depots following a cyberattack on two subsidiaries of German logistics firm Marquard & Bahls this week. The companies, Oiltanking GmbH Group and mineral oil dealer Mabanaft GmbH & Co. KG Group, on Jan. 29 discovered they were hit by an attack that disrupted their IT systems and supply chain, the companies said in a joint statement. Shell Deutschland GmbH, the oil major’s German subsidiary, was able to “re-route to alternative supply depots for the time being,” a spokesperson said in a statement. The incident follows another cyberattack on billion-dollar German logistics firm Hellmann Worldwide Logistics that took place in December.


Civil Rights Groups Launch Effort to Stop IRS Use of ID.me Facial Recognition

Permalink - Posted on 2022-02-01 18:00

Outrage continues to swirl around a proposed plan from the Treasury Department to require some taxpayers to submit to facial recognition and biometric surveillance in order to access their accounts online. The proposal faced further scrutiny after it was revealed the IRS planned to involve controversial facial recognition company ID.me in the effort. Fight for the Future, Algorithmic Justice League, EPIC, and other civil rights organizations launched a website, called Dump ID.me, allowing people to sign a petition against the IRS plan. This campaign site comes after days of criticism from privacy, justice, and civil rights groups concerned about the potential for a company like ID.me to have access to people's most sensitive data.


Greece: Mobile Phone Operator Slapped with Fine Over Data Breach

Permalink - Posted on 2022-02-01 18:00

Mobile phone operator Cosmote and parent company OTE have been slapped with fines of over 9 million euros by Greece’s Data Protection Authority over a breach of user records in September 2020. Specifically, the watchdog fined Cosmote 6 million euros for failing to protect a file containing the call histories of thousands of customers from hackers and OTE another 3.25 million euros for failing to provide the necessary security infrastructure to prevent such an attack.


Cyber Attacks and Data Theft Incidents Reported by Medical Healthcare Solutions and Advocates Inc.

Permalink - Posted on 2022-01-31 16:00

Advocates Inc., a Massachusetts-based nonprofit provider of support services for individuals experiencing life challenges such as addiction, autism, brain injury, intellectual disabilities, mental health, and behavioral health, has announced it recently experienced a sophisticated cyberattack and data theft incident. Advocates was informed on October 1, 2021, that an unauthorized individual had gained access to its network and copied files containing the sensitive data of patients and employees. A leading cybersecurity firm was engaged to assist with the investigation, which revealed an unknown individual had accessed its network and copied files over a four-day period between September 14, 2021, and September 18, 2021. The files contained names, addresses, dates of birth, Social Security numbers, health insurance information, client ID numbers, diagnoses, and treatment information. After confirming the individuals affected, Advocates collected up-to-date contact information to allow written notices to be provided, hence the delay in issuing notification letters.


Unsecured AWS Server Exposed 3TB in Airport Employee Records

Permalink - Posted on 2022-01-31 16:00

On Monday, the SafetyDetectives cybersecurity team said the server belonged to Securitas. The Stockholm, Sweden-based company provides on-site guarding, electronic security solutions, enterprise risk management, and fire & safety services. In a report shared with ZDNet, SafetyDetectives said one of Securitas's AWS S3 buckets was not appropriately secured, exposing over one million files on the internet. The server contained approximately 3TB of data dating back to 2018, including airport employee records. While the team was not able to examine every record in the database, four airports were named in exposed files: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). The misconfigured AWS bucket, which did not require any authentication to access, contained two main datasets related to Securitas and airport employees. Among the records were ID card photos and personally identifiable information (PII), including names, photos, occupations, and national ID numbers. In addition, SafetyDetectives says that photographs of airline employees, planes, fueling lines, and luggage handling were also found in the bucket. Unstripped .EXIF data in these photographs was exfiltrated, providing the time and date the photographs were taken as well as some GPS locations.


Americans Lost $770 Million from Social Media Fraud Surge

Permalink - Posted on 2022-01-31 16:00

Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021. As revealed by the FTC, over 95,000 US consumers reported losses of roughly $770 million after getting scammed on social media platforms. This amounts to approximately a quarter of all losses to fraud reported in 2021, showing a massive 18-fold increase over 2017 reported losses and more than double compared to 2020.


Florida County Drug Screening Lab Exposed Sensitive Data Online for 4 Years

Permalink - Posted on 2022-01-28 17:00

A misconfiguration of an internal website portal used by a Florida county drug screening lab has exposed sensitive information online for a period of more than four years. St. Lucie County’s drug screening lab (SLC Lab) provides drug testing services for employment, court cases, and other purposes. SLC Lab did not disclose in its breach notifications how many individuals have been affected, but the breach notice submitted to the Maine Attorney General says the sensitive information of 14,528 individuals was exposed.


Official Says Puerto Rico's Senate Targeted by Cyber Attack

Permalink - Posted on 2022-01-27 20:00

Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page, the latest in a string of similar incidents in recent years. Senate President José Luis Dalmau said in a statement that there is no evidence that hackers were able to access sensitive information belonging to employees, contractors or consultants, although the incident is still under investigation.


Data Breach at Drug Screening Lab

Permalink - Posted on 2022-01-27 20:00

A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory. The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes. In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years. The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.” Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.


Nearly $9 Billion Laundered in Cryptocurrency in 2021

Permalink - Posted on 2022-01-27 20:00

Threat actors laundered $8.6bn in cryptocurrency last year, although the real figure could be much higher when “non-crypto” crimes are included, according to Chainalysis. The firm provides analysis and investigation software to help shine a light on the murky world of blockchains and decentralized finance (DeFi). Findings from an upcoming report released yesterday revealed a 30% year-on-year increase in the value associated with money laundering activity via cryptocurrency in 2021.


Memorial Health System Faces Class Action Lawsuit Over August 2021 Cyberattack

Permalink - Posted on 2022-01-27 20:00

Marietta Area Health Care Inc., doing business as Memorial Health System, is facing a class action lawsuit over a cyberattack and data breach that was detected by Memorial Health System on August 14, 2021. The investigation into the attack confirmed the attackers first gained access to company servers on or around July 10, 2021, and installed malware on its systems. Unauthorized access remained possible until August 15, 2021. The breach notification letters state Memorial Health System learned on September 17, 2021, that the threat actor potentially accessed or acquired information from its systems. The review of the affected systems was completed on November 1, 2021, and affected individuals were notified on January 12, 2022, and were offered a 12-month complimentary membership to a credit monitoring service. The breach notice submitted to the Maine attorney general indicates the personal information of 216,478 was potentially accessed by the attackers.


Nobel Foundation Site Hit by DDoS Attack on Award Day

Permalink - Posted on 2022-01-27 20:00

The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. At present, there is no information on who could be behind this cyberattack.


Conti Ransomware Hits Apple, Tesla Supplier

Permalink - Posted on 2022-01-27 20:00

The Conti ransomware gang has been linked to an attack on Delta Electronics, a Taiwanese electronics manufacturing company and a major supplier of power components to companies like Apple and Tesla. The attack took place last Friday, on January 21, according to a statement shared by the company with stock market authorities. In a report today from local tech news site CTWANT, a reporter claims to have obtained a copy of an internal incident report describing the attack in far grimmer terms. More than 1,500 servers and more than 12,000 of Delta’s 65,000 computers were encrypted by the attackers. The attackers allegedly demanded a ransom of $15 million from the Taiwanese electronics maker.


65% of Organizations Continue to Rely on Shared Logins

Permalink - Posted on 2022-01-27 20:00

As organizations look to embrace modern approaches to security in 2022, a strongDM survey has revealed that access management is one of the most crucial factors to achieving this goal. The data showed that 80% of organizations are looking to address access management as a strategic initiative over the next 12 months, highlighting the need to secure and streamline infrastructure-wide access controls as a prerequisite to other initiatives, like zero trust. Moreover, the report finds that legacy access processes create severe team inefficiencies, requiring intensive time and resources, and blocking agile development practices: 88 percent of organizations require two or more employees to review and approve access requests, taking days or weeks to fulfill; respondents cite their biggest challenges as the time required to request and grant access (52 percent), and the task of assigning, rotating, and tracking credentials (51 percent).


Home Working Drives 44% Surge in Insider Threats

Permalink - Posted on 2022-01-26 19:00

Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint. The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe. It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period. The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020. Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident. Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively. That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident. However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.


Settlement Reached in Excellus Class Action Data Breach Lawsuit

Permalink - Posted on 2022-01-26 19:00

Excellus Health Plan Inc., its affiliated companies, and the Blue Cross Blue Shield Association (BCBSA) have reached a settlement to resolve a class action lawsuit that was filed in relation to a cyberattack discovered in 2015. The attack involved the personally identifiable information (PII) and protected health information (PHI) of more than 10 million members, subscribers, insureds, patients, and customers. The HHS’ Office for Civil Rights (OCR) launched an investigation into the data breach and uncovered several potential violations of the HIPAA Rules, including security failures and the impermissible disclosure of the PHI of 9.3 million individuals. The case was settled in January 2021 and Excellus agreed to pay a financial penalty of $5.1 million to resolve the HIPAA violations and to implement a corrective action plan to address the security failures and the alleged HIPAA non-compliance issues.


U.S. Data Breaches Surge 68% to All-Time High

Permalink - Posted on 2022-01-25 16:00

The volume of publicly reported data compromises in the US soared 68% year-on-year to a record high of 1862, according to new data from the Identity Theft Resource Center (ITRC). The non-profit said the figure was 23% higher than the previous record, set in 2017. The manufacturing and utilities sector reported the largest percentage increase in data compromises, up 217% over 2020. Every sector saw a rise in incidents bar the military vertical, where there were no publicly reported breaches.


New York Attorney General Announces $600,000 Agreement with EyeMed After 2020 Data Breach

Permalink - Posted on 2022-01-25 16:00

New York Attorney General Letitia James today announced a $600,000 agreement with EyeMed that resolves a 2020 data breach that compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York state. EyeMed — which provides vision benefits to members of vision plans offered by both licensed underwriters and employers — experienced a data breach in which attackers gained access to an EyeMed email account with sensitive customer information. The compromised information included consumers’ names, mailing addresses, Social Security numbers, identification numbers for health and vision insurance accounts, medical diagnoses and conditions, and medical treatment information. The intrusion permitted the attacker access to emails and attachments with sensitive customer information dating back six years prior to the attack.


California Public Office Admits Covid-19 Healthcare Data Breach

Permalink - Posted on 2022-01-25 16:00

A misconfigured database managed by a California public office has potentially exposed the sensitive medical information of citizens. County of Kings, in mid-California, announced that the security flaw in its public web server made limited information on Covid-19 cases available on the internet. The incident was discovered on November 24, 2021, and involved records obtained by the County’s Public Health Department from the California Department of Public Health and County healthcare providers. An investigation determined that the misconfiguration resulted from an error made by a third-party contractor and existed on the county’s public web server from February 15, 2021, until it was fully corrected on December 6, 2021.


Memorial Health System Confirms 216,000 Patients Affected by August 2021 Ransomware Attack

Permalink - Posted on 2022-01-21 17:00

Ohio-based Memorial Health System has recently confirmed the ransomware attack it experienced in August 2021 potentially involved the protected health information of 216,478 patients. The ransomware attack forced the health system to divert certain patients to other facilities and cancel some appointments to ensure patient safety. The attack was announced shortly after the breach, which occurred on August 14, 2021. The investigation revealed its network was first breached on July 10, 2021. The incident was reported to the HHS’ Office for Civil Rights promptly, although at the time it was not known how many individuals had been affected. Memorial Health System discovered patient data may have been involved on or around September 17, 2021, then followed a comprehensive review of all affected files. On November 1, 2021, the scope of the incident was determined but it took until December 9, 2021, to confirm the individuals affected and the specific types of data involved, hence the delay in issuing notifications. Written notices were sent to affected individuals on or around January 12, 2022. The information exposed and potentially exfiltrated included names, addresses, Social Security numbers, medical/treatment information, and health insurance information. Affected individuals have been offered a complimentary 12-month membership to Kroll’s credit monitoring service. Memorial Health System has since implemented additional safeguards to improve its security posture.


Pennsylvania Approves Ransomware Bill

Permalink - Posted on 2022-01-21 17:00

Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals. Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration. The amendment defines ransomware and makes it illegal to possess, use, develop, sell or threaten to use the malware in Pennsylvania. Penalties set for the newly imposed ransomware offenses vary depending on how much money is being exploited. While some violations are classed as first-degree misdemeanors, others have been designated a first-degree felony.


Thousands of Indians' Covid-19 Related Data Leaked Online

Permalink - Posted on 2022-01-21 18:00

Personal data of thousands of people in India, including their names, mobile numbers, addresses and Covid test results, has been leaked from a government server, and this information can now be accessed through an online search. The leaked data has been put on sale on the Raid Forums website, where a cyber criminal claims to have personal data of over 20,000 people. The data put on Raid Forums shows the name, age, gender, mobile number, address, and date and result of the Covid-19 report of these people.


Exposed Records Exceeded 40 Billion in 2021

Permalink - Posted on 2022-01-21 17:00

According to research by Tenable, at least 40,417,167,937 records were exposed worldwide in 2021, a figure calculated from the analysis of 1,825 data breach incidents publicly disclosed between November 2020 and October 2021. This is a considerable increase on the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed.


Two-Fifths of Ransomware Victims Still Paying Up

Permalink - Posted on 2022-01-21 17:00

Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research. The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil. Some 87% said their organization had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic. Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m. This will have helped increase the total figure for cybercrime losses over the period. In 2019, just 15% of responding organizations reported losses of $500,000 or more, but this figure almost doubled to 28% by the following year. Figures for 2021 weren’t available. Part of the challenge appears to be the inability of organizations to quickly detect and respond to any suspicious activity on their networks. Less than half (46%) said they strongly agree current solutions can evolve to detect new globally identified threats.


Endpoint Malware and Ransomware Detections Hit All-Time High

Permalink - Posted on 2022-01-21 17:00

Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections. While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.


Software Supply Chain Attacks Jumped Over 300% in 2021

Permalink - Posted on 2022-01-20 17:00

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors. They found that the level of security across software development environments remains low, and significantly, every company evaluated had vulnerabilities and misconfigurations that can expose them to supply chain attacks.


Red Cross Begs Attackers Not to Leak Stolen Data for 515,000 People

Permalink - Posted on 2022-01-20 17:00

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration. “While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.” The attack forced the ICRC, along with the wider Red Cross and Red Crescent network, to shut down the systems underpinning the Restoring Family Links site. That action also crippled the humanitarian network’s ability to reunite separated family members, the release said. As of Thursday morning, the site was still down.


Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom

Permalink - Posted on 2022-01-20 17:00

Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation. According to a forum post from OpenSubtitles’ administrator, the opensubtitles.org website was hacked by someone in August 2021. The attacker had exploited a series of vulnerabilities to obtain user data and then asked for an undisclosed amount of bitcoin in exchange for not making the hack public and deleting the data.


Malware Targeting Linux Systems Grows by 35% in 2021

Permalink - Posted on 2022-01-20 17:00

A report shared by CrowdStrike recently highlights the rising threats on Linux-based operating systems. Researchers noted that there has been a 35% rise in Linux-based malware in 2021 as compared to 2020. Most of these attacks were launched on IoT devices. According to CrowdStrike’s telemetry, three malware families accounted for 22% of attacks on Linux systems in 2021. XorDDoS, Mirai, and Mozi were the most prevalent Linux-based malware families observed in 2021. XorDDoS, a botnet designed to launch large-scale DDoS attacks, has been around since at least 2014. In 2021, the malware sample had increased by almost 123% when compared to 2020. Mirai variants, namely Sora, IZIH9, and Rekai, also jumped to 33%, 39%, and 83% respectively in 2021.


Crypto Protocol Publicly Announces Flaw, Users Relentlessly Owned by Hackers

Permalink - Posted on 2022-01-20 17:00

Earlier this week, a platform that allows users to swap tokens between blockchains publicly announced that there was a flaw that made accounts vulnerable to hackers. The announcement, predictably, prompted several hackers to rush and try to exploit the vulnerability. One of them stole more than $1.4 million, and on Wednesday another one, in a message posted to the Ethereum blockchain, offered to return to victims 80 percent of the funds they stole, keeping the rest as “tips for me saving your money.” In just a few hours since the second hacker’s announcement, all hell has broken loose. In the official Telegram channel of Multichain, the platform that was previously known as Anyswap, countless victims are asking whether the company will return their money, and complaining that scammers are trying to impersonate the company in an attempt to steal even more money from victims.


Marketing Giant RRD Confirms Data Theft in Conti Ransomware Attack

Permalink - Posted on 2022-01-20 17:00

On December 27th, RRD filed a Form 8-K with the SEC disclosing that they suffered a "systems intrusion in its technical environment" that led to the shutdown of their network to prevent the attack's spread. The shutdown of IT systems led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks, and motor vehicle documentation. While RRD initially said they were not aware of any client data stolen during the attack, on January 15th, the Conti ransomware gang claimed responsibility and began leaking 2.5GB of data allegedly stolen from RRD. However, a source told BleepingComputer that Conti soon removed the data from public view after RRD began further negotiations to prevent the release of data. Yesterday, RRD released an additional 8-K filing confirming that data was stolen during the attack. The company also stated they are taking all appropriate measures to protect its and clients' information.


Ransomware Attack on Moncler

Permalink - Posted on 2022-01-19 17:00

Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web. The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. Attackers hit Moncler in the final week of 2021, causing a temporary outage of its IT services which delayed shipments of goods ordered online. Some data stolen in the incident was published online on Tuesday after Moncler refused to pay a ransom to its attackers. Data compromised in the security incident relates to Moncler employees, former employees, suppliers, consultants, business partners and some customers registered on the company’s website.


Entira Family Clinics, Caring Communities Send Notification Letters About Netgain's 2020 Ransomware Attack

Permalink - Posted on 2022-01-19 17:00

A Minnesota network of family medicine practices started notifying almost 200,000 patients that some of their personal and protected health information was potentially compromised in a cyberattack on a business associate more than a year ago. Entira Family Clinics explained in the notification letters, which were sent to affected individuals on January 13, 2022, that the breach occurred at Netgain Technologies, which provides hosting and cloud IT solutions to companies in the healthcare and accounting sectors. Entira Family Clinics used Netgain’s services for hosting and email. Netgain announced the data breach in December 2020, and most affected companies were notified by February 2021. Most of the affected Netgain clients sent notification letters in the spring and summer of 2021. It is unclear why there was such a long delay in Entira Family Clinics issuing notification letters, and whether this was due to late notification from Netgain.


Jefferson Surgical Clinic Announces June 2021 Data Breach Impacting 174,769 Patients

Permalink - Posted on 2022-01-19 17:00

Roanoke, VA-based Jefferson Surgical Clinic has started notifying patients that some of their protected health information has potentially been compromised in a cyberattack that was detected on June 5, 2021. According to the breach notification letter provided to the Maine Attorney General, the attacker gained access to parts of the network that contained patient data such as names, birth dates, Social Security numbers, and health and treatment information.


Hacker Steals $200,000 Through Multichain Bug

Permalink - Posted on 2022-01-19 17:00

One of the hackers, who has stolen $200,000 through this bug, has offered some remorse. They claim to be a whitehat hacker and have offered to return 80% of the funds that they took. This hacker said in a blockchain transaction, "whitehat here, send me the tx you lost your weth, I give 80% back. The rest is the tips for me saving your money." Multichain has since replied to the hacker, hoping that they will return the funds to a blockchain address that they specified in the message. It is unknown whether this particular hacker was behind any of the other thefts. When asked if this hacker also owned the wallet that stole $1.43 million through this exploit, Multichain told The Block that it was possible. Be'ery said, "Cannot really know."


New Zealand: Kings Plant Barn the Latest Retailer Hit by Click-and-Collect Data Breach

Permalink - Posted on 2022-01-19 17:00

Kings Plant Barn has contacted customers about a security breach to FlexBooker, the internet-based system it uses to organise click-and-collect bookings. Names, email addresses and collection times were exposed. And on January 7, the US-based firm revealed a group of hackers had stolen data on December 23. The cyber-heist saw details from some 3.7 million accounts compromised. Since then, a number of retailers around the world that use FlexBooker have issued alerts to their customers, including Bunnings' Australian and NZ operations on January 13.


Washington City Loses $280,309 to Successful Phishing Scam

Permalink - Posted on 2022-01-19 17:00

The city of Tenino fell victim to a fraudulent scheme that cost it $280,309 in public funds, according to the Washington State Auditor’s Office. Former Clerk Treasurer John Millard initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts from March 19 to May 4, 2020, per a report. A series of phishing emails prompted the payments, many of which he did not get city council approval for. The email was sent to multiple public employees in Washington state who were members of the Washington Municipal Clerks Association. The same day it was sent, the association notified members that it was illegitimate.


Less Than a Fifth of Cyber Leaders Feel Confident Their Organization Is Cyber-Resilient

Permalink - Posted on 2022-01-18 16:00

Less than one-fifth (17%) of cyber leaders feel confident that their organizations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cybersecurity Outlook 2022 report. The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cybersecurity. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders. This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organization’s overall corporate risk management. In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cybersecurity incident due to a shortage of skills within their team. Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains. Interestingly, 59% of cyber leaders said cyber-resilience and cybersecurity are synonymous, with the differences not well understood. The report, compiled from various sources, including a survey of global cyber leaders, also looked at the surging ransomware threat. Four in five (80%) cyber leaders said they considered this vector a dangerous and evolving threat to public safety, while 50% indicated ransomware is one of their greatest concerns.


European Regulators Hand Out €1.1 Billion in GDPR Fines

Permalink - Posted on 2022-01-18 16:00

Europe’s data protection regulators issued over €1bn ($1.1bn) in GDPR fines since January 2021, a massive 594% year-on-year increase, according to international law firm DLA Piper. The firm’s annual figures are a useful indication of the level of regulatory activity among the region’s privacy regulators. It claimed that there had been an 8% rise in breach notifications, to 130,000 for the region since January 28 last year. The study applies to the 27 EU member states plus the UK, Norway, Iceland and Liechtenstein, which also follow the GDPR. Interestingly it is tiny land-locked Luxembourg that imposed the most significant individual fine: a €746m penalty for Amazon for failing to process customers’ data in accordance with the law. Ireland came in second place with a €225m fine levied against WhatsApp, and France rounded out the top three by fining Google €50m, although that was issued several years ago.


South Africa's New Traffic Fine System Exposed Personal Data

Permalink - Posted on 2022-01-18 17:00

An online interface set up for the Administrative Adjudication of Road Traffic Offences (Aarto) system exposed the personal information of every South African who received an infringement notice under the new law. Personal data contained in the leak included full names, ID numbers, residential or business addresses, phone numbers, vehicle registration information, and infringement details.


Canada: Cyber Attack at Arnprior Regional Health; Data Stolen

Permalink - Posted on 2022-01-18 17:00

A cyber-attack breached the IT system at Arnprior Regional Health (ARH) on Dec. 21. ARH has not responded to Metroland’s requests to learn if the attacker or attackers still have access to the system, who they are, where the attack originated, and if they made contact with ARH.


South Australian Gov't Issues Breach Notice to Hacked Payroll Provider

Permalink - Posted on 2022-01-18 17:00

Payroll software provider Frontier Systems has been issued with a breach of contract notice over a ransomware attack that saw the personal details of 80,000 South Australian public servants stolen. Department of Treasury and Finance chief David Reynolds revealed the action after it emerged government data had been stolen directly from Frontier’s corporate network. The government first disclosed the extent of the data breach in November, when it said at least 38,000 employees had their records stolen and, in some cases, published on the dark web. It later revised up this figure, putting the number of public servants affected by the breach at closer to 80,000. Data accessed included names, dates of birth, addresses and tax file numbers, leading the Australian Taxation Office to temporarily lock people out of their ATO Online accounts.


Malta: IT Firm C-Planet Fined €65,000 Over Massive Voter Data Breach

Permalink - Posted on 2022-01-18 16:00

Data Protection Commissioner Ian Deguara issued the administrative penalty against C-Planet It Solutions Limited which was hired by the Labour Party to manage a cache of private information on some 337,384 Maltese voters. The information was leaked online in April 2020. Names, addresses, ID card details, phone numbers and the voting intentions of around two-thirds of the population were exposed. Times of Malta had revealed how the database was an internal list of voters which Labour had codenamed ‘Local Area Network’. Along with information taken from the confidential electoral register, the list included a field with entries of either ‘1’ or ‘2’ beside each voter.


India: Aditya Birla Fashion Confirms Data Breach

Permalink - Posted on 2022-01-18 16:00

On Monday, it was reported that the company's database was hacked into and information was made public by a hacker group. Initial reports had claimed that the information leaked included customer information including names, phone numbers, addresses, dates of birth, order histories, credit card details, and passwords, and details of employees, including salary details, religion, and marital status.


EHR Vendor Faces Legal Action Over Data Breach

Permalink - Posted on 2022-01-17 16:00

A Tennessee-based healthcare technology services company is facing legal action over a cyber-attack that occurred in August 2021. The class action lawsuit was filed against QRS Healthcare Solutions (QRS, Inc), an electronic health record (EHR) vendor and provider of integrated practice management and clinical services, including electronic patient portals. On August 26 2021, QRS discovered that a cyber-attacker had accessed a QRS dedicated patient portal server on which certain sensitive information was stored. According to a data security notice published by QRS on its website, the cyber-attack “involved the personal information, including the health information, of some of its clients’ patients.”


Umbrella Company Parasol Group Confirms Cyber Attack as Root Cause of Prolonged Network Outage

Permalink - Posted on 2022-01-17 17:00

Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder. As reported by us on Friday, the umbrella company's MyParasol portal, where timesheets are submitted, was not accessible due to a multi-day outage starting on 12 January, impacting the processing of payroll. Tech freelancers suspected a cyberattack was to blame for the blackout and sure enough the Group wrote to customers at the close of last working week to explain in more detail what had happened. Doug Crawford, CEO at Parasol, said in an email to customers seen by us that the "root cause" of the issue affecting IT systems "has been identified as malicious activity on our network." Crawford – who did not confirm the nature of the break-in, widely speculated to be ransomware – added: "The activity did not enter via the core Parasol platforms, but to ensure the safety and integrity of your data, we suspended our systems to protect the Parasol community. As you know, this included the MyParasol portal and our other outbound and inbound communication channels," he said in the email.


Personal Information Compromised in Goodwill Website Hack

Permalink - Posted on 2022-01-17 16:00

Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach. The ShopGoodwill website is currently offline “for maintenance,” but it’s unclear if it’s related to the breach. This appears to be the second data breach disclosed by the nonprofit in the past decade.


EHR Vendor Facing Class Action Lawsuit Over 320,000 Record Data Breach

Permalink - Posted on 2022-01-14 17:00

QRS, a Tennessee-based healthcare technology services company and EHR vendor, is facing a class action lawsuit over an August 2021 cyberattack in which the protected health information (PHI) of almost 320,000 patients was exposed and potentially stolen. The investigation into the data breach confirmed a hacker had gained access to one of its dedicated patient portal servers between August 23 and August 26, 2021, and viewed and possibly obtained files containing patients’ PHI. Sensitive data stored on the server included patients’ names, addresses, birth dates, usernames, medical information, and Social Security numbers. QRS started sending notification letters to affected individuals in late October and offered identity theft protection services to individuals who had their Social Security number exposed.


Online Pharmacy Notifies 105,000 Patients About Cyberattack and Potential Theft of PHI

Permalink - Posted on 2022-01-14 17:00

The Auburndale, FL-based digital pharmacy and health app developer Ravkoo has started notifying certain patients that some of their sensitive personal information has been exposed and potentially obtained by an unauthorized individual. Ravkoo hosts its online prescription portal on Amazon Web Services (AWS). The portal was targeted in a cyberattack that was detected on September 27, 2021. Upon discovery of the security breach, steps were immediately taken to secure the portal and third-party cybersecurity experts were engaged to assist with the forensic investigation, mitigation, restoration, and remediation efforts. The investigation confirmed sensitive patient data had been exposed and may have been compromised, including names, addresses, phone numbers, certain prescription information, and limited medical data. Ravkoo said the impacted portal did not contain any Social Security numbers, which are not maintained in the affected portal.


Austrian Regulator Says Google Analytics Contravenes GDPR

Permalink - Posted on 2022-01-14 17:00

A new ruling from the Austrian Data Protection Authority (DPA) traps EU/U.S. data transfers between a rock and hard place. The rock is GDPR. The hard place is FISA. And the two are fundamentally incompatible. The purpose of GDPR is to protect the personal information of European citizens and residents. The purpose of FISA Section 702 (supported by EO 12333) is to ensure that U.S. intelligence agencies can collect data on foreign citizens for national security and cybersecurity purposes. GDPR is a consequence of the latter – a response to Edward Snowden’s revelations on the NSA’s global surveillance programs. Neither side will easily abandon its current position. The Schrems II ruling in 2020 annulled the Privacy Shield agreement between the US government and the EC. This had been used to ‘legalize’ data transfers between the two trade blocs. The primary reason for the annulment was FISA 702, a statute that authorizes the collection of communications content stored by U.S. service providers such as Google, Facebook and Microsoft. U.S. telecom providers can be compelled to assist. The Schrems II ruling effectively declares that so long as FISA 702 exists, EU personal data cannot be sent to the U.S. It does not rule out the use of standard contractual clauses to protect and legalize transfers, but insists that those clauses must solve the 702 issue. This is not possible. The latest ruling, from the Austrian regulator, concerns data from a European company transferred to Google in the U.S. via Google Analytics. The decision states the standard clauses used by the EU company to transfer the data are inadequate because Google “is subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a (“FISA 702”); and… they do not eliminate the possibilities of surveillance and access by US intelligence services.”


Accellion Reaches $8.1 Million Settlement to Resolve Data Breach Litigation

Permalink - Posted on 2022-01-14 17:00

Accellion Inc has reached an $8.1 million deal with a proposed nationwide class to end litigation over a breach of its legacy file transfer product, a platform that allowed companies to securely share large or sensitive files, according to settlement papers filed in California federal court. The Palo Alto-based tech company faced claims that it failed to properly secure sensitive personal information of millions of individuals after hackers exploited a vulnerability in Accellion's platform, according to a motion for preliminary approval of the settlement, filed by the plaintiffs' lawyers on Wednesday. The data breach impacted a variety of Accellion clients, including law firms Jones Day and Goodwin Procter. The proposed class, millions of individuals whose data was stored by companies that used Accellion's file transfer product, in a recently amended complaint said information including names, birthdates, Social Security numbers, medical and drivers' license information was exposed. The current settlement would resolve claims only against Accellion, but there are pending agreements in cases against several Accellion clients over the incident, according to the Wednesday filing. Supermarket chain Kroger Co has agreed to a $5 million settlement, which has received preliminary court approval. There are also pending settlements with Flagstar Bancorp Inc and Health Net LLC, a subsidiary of managed care company Centene Corp, the plaintiffs' lawyers said.


Hackers Steal $18.7 Million from Animoca's Lympo NFT Platform

Permalink - Posted on 2022-01-14 17:00

Lympo has become a target of a hot wallet security breach due to which the platform lost roughly 165.2 million LMT tokens, valued at around $18.7 million. Lympo’s team posted a short Medium update revealing that hackers gained access to the platform’s operational hot wallet on Monday and managed to steal 165.2 Million LMT. Most of the stolen tokens were sent to a single address where the funds were swapped for Ether on SushiSwap or Uniswap before being sent to other addresses. The attackers hacked ten different project wallets. Lympo claims that during the attack the threat actors connected to its internet-facing crypto wallet and used it to send/receive cryptocurrency.


Hackers Raided Panasonic Server for Months, Stealing Personal Data of Job Seekers

Permalink - Posted on 2022-01-13 17:00

Tech giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. The security breach, which saw hackers illegally access a Panasonic file server located in Japan via an overseas subsidiary, began on June 22 2021, and only ended on November 3 2021. What we are not told, however, is just how many people may have had their personal information fall into the hands of cybercriminals. Panasonic confirmed the hackers had accessed sensitive data of job candidates this week, having previously only referred to "some data" having been accessed during the intrusion.


New Mexico: School's Out as Cyber Attack Forces APS to Cancel Classes

Permalink - Posted on 2022-01-13 17:00

A cyberattack against Albuquerque Public Schools prompted the state’s largest district to cancel all classes districtwide on Thursday and possibly Friday. APS Superintendent Scott Elder said the attack was discovered Wednesday morning “when teachers tried to log onto our student information system and were unable to gain access to the site.” The district is working with authorities. A spokeswoman couldn’t say whether hackers had demanded money from APS.


Ransomware Attack Locks Down U.S. Prison

Permalink - Posted on 2022-01-13 17:00

A ransomware attack locked down a US jail, knocking out security cameras and leaving inmates confined to their cells, court documents show. Cyber attackers hacked into the computer system that controls servers and internet access at the prison in Bernalillo County, New Mexico last week. For a short time, the jail's automatic door system was knocked out, meaning staff at the Metropolitan Detention Center (MDC) had to manually unlock each cell when detainees needed to get out for exercise or recreation.


FCC Proposes Stricter Data Breach Reporting Rules

Permalink - Posted on 2022-01-13 17:00

Following a series of hacks and data leaks at US telecom companies, the Federal Communications Commission has proposed today a series of changes to its data breach notification requirements. FCC Chairwoman Jessica Rosenworcel, who published the proposed rules earlier today, said that the agency needs to update its existing reporting rules to “fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers,” who often learn of breaches long after they have occurred. “Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information,” Rosenworcel said. To achieve this, the FCC believes that eliminating a seven-business-day waiting period that is granted to telecom companies before notifying customers of a breach is a good first step. The direct consequence of removing this current waiting period will be that telecom companies can notify customers of a breach as soon as it happens, if they are capable of doing so and haven’t been told by a law enforcement agency to wait until an investigation has been completed. In addition, the FCC wants telecoms to be required to notify customers of inadvertent data leaks as well, and not only situations where a malicious and intentional act was involved. This means telecoms will have to notify customers of situations where they accidentally left personal data exposed online on unsecured servers, something that not all providers currently do. Furthermore, the FCC wants telecommunications providers to notify its agency as well about any breach, and not just the FBI and the Secret Service.


600,000 Credit Reports, Financial Data, and Collections Records Exposed Online

Permalink - Posted on 2022-01-13 17:00

Security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 822,789 records. The dataset had detailed information on trucking, transport companies, and individual drivers. The data appeared to be connected to credit accounts, loans, repayment, and debt collections. This included banking information and tax ID numbers. Many of the Tax IDs were consistent with what appeared to be SSN (Social Security Numbers) and stored in plain text. Upon further research there were multiple references including internal emails and usernames of a Florida based company called TransCredit. We immediately sent a responsible disclosure notice to TransCredit and public access was restricted shortly after. The records appeared to contain the data of trucking and transportation companies based in the United States and Canada.


Canada: Privacy Breach as Names and Vaccine Status of DDSB Staff Leaked

Permalink - Posted on 2022-01-12 17:00

A recent privacy breach at the Durham District School Board (DDSB) resulted in the names of staff who are not vaccinated for COVID-19, or have not disclosed their status, inadvertently being shared with about 400 people. The breach happened when the board sent out a “routine” email about rapid testing. Attached to the email was a spreadsheet that listed the names of about 800 unvaccinated or undisclosed staff — the DDSB has about 10,000 employees in total. Staff whose names appear on the list are calling the situation a “shocking” breach of medical privacy.


Maryland Department of Health Confirms Ransomware Attack

Permalink - Posted on 2022-01-12 17:00

A disruption last month in the Maryland Department of Health’s reporting of COVID-19 data was in fact a ransomware attack, the state’s Chief Information Security Officer Chip Stewart said Wednesday. In early December, the state health department was unable to report COVID-19 data following a cyberattack. The agency attributed the lack of updates to a “server outage.” The cyberattack also took away resources the agency’s website normally has available, including pages inviting Marylanders to apply for Medicaid, get data on local nursing home safety, and order free at-home testing for sexually transmitted infections. By Dec. 10, state health officials were able to report some COVID-19 data, such as hospitalizations, but all the topline metrics were not fully restored until Dec. 20, following a two-week hiatus.


Electronic Arts Confirms Dozens of High-Profile FIFA Accounts Hacked

Permalink - Posted on 2022-01-12 17:00

Gaming giant Electronic Arts (EA) confirmed that about 50 high-profile FIFA 2022 accounts were hacked over the last few weeks. In a statement, the company said the accounts were compromised through phishing techniques and other social engineering methods that were used to dupe EA customer experience team members into helping the hackers around two-factor authentication. EA said the hackers used "threats" to "exploit human error within our customer experience team." "Over the last few weeks we've been made aware of reports that high-profile player accounts are being targeted for takeover. Through our initial investigation we can confirm that a number of accounts have been compromised via phishing techniques," EA said in a statement. "At this time, we estimate that less than 50 accounts have been taken over using this method. We are currently working to identify rightful account owners to restore access to their accounts, and the content within, and players affected should expect a response from our team shortly. Our investigation is ongoing as we thoroughly examine every claim of a suspicious email change request and report of a compromised account." Gamers took to social media over the last two weeks to complain about the issues. While the EA statement only cites less than 50 accounts, the initial story about the incident from Eurogamer said the top 100 traders in FIFA Ultimate Team were targeted. Many of these players make significant amounts of money through their gameplay.


Europol Ordered to Delete Vast Trove of Personal Information

Permalink - Posted on 2022-01-12 17:00

Europol has been told to delete a vast data trove of information on individuals with no link to criminality after previously failing to comply with regulations governing the policing body. The European Data Protection Supervisor (EDPS) notified Europol of the order on January 3, following an inquiry in 2019. It now has 12 months to filter and extract relevant personal data permitted for analysis under the so-called Europol Regulation. Any data older than six months on individuals not linked to criminality (known as data subject categorization) must be deleted, the EDPS said. Europol’s apparent foot-dragging and failure to comply with the principles of data minimization and storage limitation enshrined in the Europol Regulation led to a rare admonishment by the EDPS in September 2020.


213,000 Florida Digestive Health Patients Informed of 2020 Data Compromise

Permalink - Posted on 2022-01-12 17:00

Florida Digestive Health Specialists recently notified 212,509 patients that their data was potentially compromised one year ago, during the hack of multiple employee email accounts. First discovered on Dec. 16 2020, an employee reported suspicious activity within their FDHS email account, stemming from a number of emails being sent that were not generated by the user. Five days later, FDHS company funds were rerouted to an unknown bank account, which prompted an investigation. The investigators found that multiple employee email accounts were accessed during the email hack and began a forensic analysis to determine what information was stored in the accounts. The compromised health information included full names, Social Security numbers, financial information, contact details, medical data, health insurance information and individual policy numbers, diagnoses, and Medicare or Medicaid data. Investigators found no evidence any health information was accessed or downloaded, but it could not be ruled out.


Hackers Hit Healthcare Data Management Company

Permalink - Posted on 2022-01-12 17:00

The protected health information (PHI) of thousands of individuals may have been exposed in a hacking incident at a healthcare information management company based in Georgia. Clinical or treatment information and social security numbers were among the sensitive data compromised during a successful cyber-attack on Ciox Health last summer. Ciox Health, headquartered in Alpharetta, provides various services, including information release, medical record retrieval and health information management to more than 30 healthcare providers. According to a notice recently issued by Ciox Health, an unauthorized person accessed the email account of a Ciox employee between June 24 2021 and July 2 2021. The company warned that the threat actor may have used that access to download emails and attachments associated with the compromised account.


Corporate Cyber Attacks Spike 50% in 2021

Permalink - Posted on 2022-01-11 16:00

Global weekly cyber-attacks hit an all-time high in Q4 2021 of 925 attempts per organization, according to new data from Check Point. The security vendor analyzed information collected by hundreds of millions of global sensors from its Threat Prevention products across networks, endpoints and mobiles. It claimed attempted attacks have been continuously increasing since Q2 2020, with 50% more attacks seen per week on corporate networks in 2021 compared to 2020. The education and research sector experienced the highest volume of attacks during 2021, amounting to an average of 1605 per organization every week, a 75% increase on 2020. It was followed by government/military with 1136 attacks, up 47% year-on-year, and communications with 1079, up 51%. Africa experienced the highest volume of weekly attacks in 2021, with an average of 1582 per organization, a 13% increase from 2020. However, European organizations experienced the most significant increase in weekly attacks, up 68% to 670, according to the report.


Over 30 Healthcare Providers Affected by CIOX Health Data Breach

Permalink - Posted on 2022-01-11 16:00

The health information management services provider CIOX Health has suffered a data breach that has affected at least 32 healthcare providers. In July 2021, CIOX Health discovered an unauthorized individual had gained access to the email of an employee in the customer service department. The CIOX Health breach investigation confirmed that the incident was confined to a single employee email account, with the review of the contents of the email account determining on September 24, 2021, that it contained emails and attachments that included the protected health information of some of its healthcare provider clients such as names, dates of birth, provider names, dates of service, and the Social Security numbers, driver’s license numbers, health insurance information, and/or treatment information.


Major Indian Fashion Retailer Hacked and Data Leaked

Permalink - Posted on 2022-01-11 16:00

Another major Indian firm has fallen prey to a massive cyberattack. This time, the victim is a Fortune India 500 List company: Mumbai-headquartered Aditya Birla Group (ABG). In early December, DataBreaches.net was contacted by ShinyHunters, who alerted this site to the attack which was then still in progress. The firm had detected them early, ShinyHunters told this site, but the threat actors still had access. Even as of today, ShinyHunters claims to still have access. Today, ShinyHunters notified DataBreaches.net that after more failed negotiations between ShinyHunters and ABG or their representative — negotiations that ShinyHunters described to this site as a stalling tactic — ShinyHunters was leaking the data on a popular forum where data are shared or sold. ShinyHunters informed this site that although they acquired customers’ credit card data with expiration date and CVV — and that ABFRL Pantaloons knows that ShinyHunters is in possession of such data, the firm has allegedly not informed customers about the breach of card data. If they have notified employees and customers privately of the data breach and exfiltration of data, DataBreaches.net has seen no proof of that as yet.


Cosmetics Company Clarins Hit by Data Security Incident

Permalink - Posted on 2022-01-11 16:00

French cosmetics company Clarins has been hit by a data security incident which "may involve" Singapore customers’ personal information, it said on Tuesday (Jan 11). The company said in a statement on its website that the incident was due to a critical vulnerability in a widely used software known as Log4j. The data accessed may have included customers’ personal information such as name, address, email, phone number and Clarins loyalty programme status, it added.


MRIoA Discloses Data Breach Affecting 134,000 People

Permalink - Posted on 2022-01-11 16:00

The incident, MRIoA says, was discovered on November 9, 2021. A couple of days later, the organization discovered that personal information was compromised in the attack and, by November 16, it had managed to retrieve it. The investigation into the incident has revealed the theft of protected health information such as names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results), and financial information (such as health insurance policy and group plan number).


Over Half of SMEs Have Experienced a Cyber Security Breach

Permalink - Posted on 2022-01-10 16:00

Over half (51%) of SME businesses and self-employed workers in the UK have experienced a cybersecurity breach, according to a new study by insurance firm Markel Direct. The findings were taken from a survey of 1000 SME firms and self-employed individuals in the UK, underlining fears that these organizations are at particularly high risk of cyber-attacks due to lack of resources and cybersecurity expertise. This issue has been exacerbated by the digital shift during COVID-19. The most common attack methods faced by these organizations were malware/virus related (24%), data breaches (16%) and phishing attacks (15%). More than two-thirds (68%) of respondents said the cost of breaches they experienced was up to £5000. The study also analyzed the extent of cybersecurity measures that are in place for SMEs and the self-employed. Nearly nine in 10 (88%) respondents said they had at least one form of cybersecurity, such as antivirus software, firewalls or multifactor authentication, and 70% said they were fairly confident or extremely confident in their cybersecurity arrangements. Of these organizations and individuals, 53% had antivirus/malware software in place, and 48% had invested in firewalls and secure networks. In addition, nearly a third (31%) revealed they conducted risk assessments and internal/external audits on a monthly basis. Worryingly, 11% of respondents said they would not spend any money on cybersecurity measures, viewing them as “unnecessary costs.”


Comelec Investigating Alleged Data Breach Ahead of #Halalan2022

Permalink - Posted on 2022-01-10 16:00

The Commission on Elections (Comelec) has suffered another data breach with 4 months to go before the crucial May national elections, a Manila Bulletin report claimed Monday, saying "60 gigabytes" worth of "sensitive voter information" and other data have been stolen by unidentified hackers. The Manila Bulletin (MB) on Monday said its Technews Team has verified information from a source about the supposed hacking that took place Saturday. MB claimed hackers also took network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.


Millennium Eye Care Hit by Ransomware Gang Which Stole Large Amount of Patient Data

Permalink - Posted on 2022-01-10 16:00

Millennium Eye Care, a Freehold, NJ-based provider of ophthalmology services, announced on December 22, 2021, that hackers recently gained access to its computer network and used ransomware to encrypt files in an attempt to extort money from the practice. It is unclear when the attack occurred from its breach notification letters, but Millennium Eye Care said it discovered on November 14, 2021, that the attackers had exfiltrated “a large amount of data” prior to encrypting files. The files obtained in the attack included a range of protected health information including names and Social Security numbers. The cyberattack was detected on October 27, 2021, and resulted in certain systems within its computer network being made unavailable. A third-party cybersecurity firm was engaged to investigate and determine the nature and scope of the attack. The investigation confirmed that unauthorized individuals had access to parts of its network between October 21 and October 27, and those systems contained the personal information of employees and information related to its self-insured health plan, such as names, dates of birth, Social Security numbers, driver’s license numbers, and benefits information.


Thailand: Huge Patient Data Leak from Siriraj Hospital

Permalink - Posted on 2022-01-10 16:00

About 39 million purported patient records from Siriraj Hospital have been offered for sale on an internet database-sharing forum in what appears to be the latest hack of the country's public health sector. Authorities are investigating the post, which was on raidforums.com. The leak is said to include records of VIP patients. The data supposedly comprises names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information, according to the poster, who used the name "WraithMax".


City of Grass Valley, California, Suffers Data Breach – Employee and Citizen Information Exposed

Permalink - Posted on 2022-01-10 16:00

More details concerning an extensive data breach at the City of Grass Valley, California, revealed the information of employees, citizens, and others was copied and transferred to another network. A statement from the city council previously confirmed that it had experienced “unauthorized access” to its systems between April 13 and July 1, 2021. An investigation has now determined the extent of the attack, revealing that the malicious actor had transferred files outside of the city’s network, including the financial and personal information of “individuals associated with Grass Valley”. Data accessed from records belonging to Grass Valley employees – including former employees, spouses, dependents, and individual vendors – include names and one or more of the following: Social Security numbers, driver’s license numbers, and limited medical or health insurance information. For individual vendors that were hired by the city, names and Social Security numbers were accessed. According to city representatives, the breach may have also impacted individuals whose information had been provided to the Grass Valley Police Department, along with loan applicants who requested funds from the Grass Valley Community Development Department.


Jefferson Surgical Clinic Notifies 174,769 About Data Breach

Permalink - Posted on 2022-01-07 17:00

On January 6, Jefferson Surgical Clinic in Virginia reported a breach involving protected health information to the Maine Attorney General’s Office. External counsel for JSC notified Maine that 174,769 people were being notified of the incident and were being offered credit monitoring services. It is not clear from the report whether all of those are patients or if some subset of them are employees or contractors.


COVID Test Data Breach at British School

Permalink - Posted on 2022-01-07 17:00

A mix-up at a school in Worcestershire, England, caused parents to receive the COVID-19 test results of other people’s children. The data breach, reported today by the Evesham Journal, occurred at co-educational secondary school and sixth-form college The De Montfort School (TDMS) in Evesham, which is part of the Four Stones Multi Academy Trust. After the holiday season, students returning to learning underwent asymptomatic testing for the coronavirus at TDMS on Tuesday. In a security incident ascribed to “human error,” some students’ test results were sent to the wrong guardians.


BioPlus Specialty Pharmacy Services Faces Class Action Lawsuit Over Data Breach

Permalink - Posted on 2022-01-07 17:00

A Florida specialty pharmacy is facing a class action lawsuit over an October 2021 cyberattack in which the personally identifiable information (PII) and protected health information (PHI) of up to 350,000 patients were stolen. Altamonte Springs, FL-based BioPlus Specialty Pharmacy Services said a hacker had access to its network from October 25, 2021, until November 11, 2021, and during that time viewed files containing sensitive patient data. A computer forensics firm investigated the breach and confirmed patient data had been accessed. Since it was not possible to determine how many patients had been affected, the decision was taken to send notification letters to all 350,000 patients on or around December 10, 2021, one month after the breach was discovered. Data potentially compromised in the attack included names, contact information, dates of birth, medical record numbers, health insurance and claims information, diagnoses, prescription information, and Social Security numbers. Affected individuals were offered a 12-month subscription to credit monitoring services at no cost.


Singapore: Personal Details of OG Department Store Customers Leaked in Data Breach

Permalink - Posted on 2022-01-07 17:00

There has been a leak of OG department store customers' personal data such as names, mobile numbers and dates of birth, said the retailer on Thursday (Jan 6). In a statement to OG members, the department store said it was notified on Tuesday about the data breach, which affected members who are in either the basic or gold tiers. In the statement to its members, OG said its preliminary investigations indicated that the database, which had been stored and managed by an external third-party membership portal service provider, had been compromised. Data that may have potentially been compromised includes the names of OG members, their mailing addresses, e-mail addresses, mobile numbers, genders and dates of birth. Encrypted data - of NRIC numbers and passwords - could also have been stolen.


FinalSite Ransomware Attack Shuts Down Thousands of School Websites

Permalink - Posted on 2022-01-07 17:00

FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. In addition to the website outages, a system administrator shared on Reddit that the attack prevented schools from sending closure notifications due to weather or COVID-19.


FlexBooker Discloses Data Breach, Over 3.7 Million Accounts Impacted

Permalink - Posted on 2022-01-07 17:00

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. FlexBooker’s customers include owners of any business that needs to schedule appointments: accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and more. The attack appears to have been claimed by a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver’s license photos.


Online Pharmacy Ravkoo Links Data Breach to AWS Portal Incident

Permalink - Posted on 2022-01-07 17:00

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS-hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. Alpesh Patel, the online pharmacy's CEO, said in a public notification on Ravkoo's site that the incident was reported to the FBI. The company is assisting the federal law enforcement agency's ongoing investigation into the matter.


France Hits Google, Facebook with Huge Fines Over 'Cookies'

Permalink - Posted on 2022-01-06 17:00

French regulators have hit Google and Facebook with 210 million euros ($237 million) in fines over their use of "cookies", the data used to track users online, authorities said Thursday. The 150-million-euro fine imposed on Google was a record by France's National Commission for Information Technology and Freedom (CNIL), beating a previous cookie-related fine of 100 million euros against the company in December 2020. Facebook was handed a 60-million-euro fine.


Chemicals Company Element Solutions Discloses Cyber Security Incident

Permalink - Posted on 2022-01-06 16:00

Florida-based specialty chemicals company Element Solutions on Wednesday revealed that it had experienced a cybersecurity incident. The brief description of the breach shared by Element Solutions suggests that it may have involved ransomware.


New Mexico: Albuquerque Impacted by Ransomware Attack on Bernalillo County Government

Permalink - Posted on 2022-01-06 16:00

County government buildings and public offices were closed on Wednesday across the cities of Albuquerque, Los Ranchos, and Tijeras after a ransomware attack crippled the IT network of the Bernalillo County government. IT systems and public offices are expected to remain closed throughout Thursday and the rest of the week as well, as officials deal with the cyberattack’s aftermath. The name of the ransomware strain that has infected the county’s systems is currently unknown, along with other technical details such as how the attackers could have gained access to the county’s systems.


Health Technology Vendor QRS Faces Lawsuit After Data Theft Impacting 319,000 Patients

Permalink - Posted on 2022-01-06 17:00

Technology services vendor QRS is facing a class-action lawsuit, following its Health Insurance Portability and Accountability Act (HIPAA) breach notification informing 319,778 patients that their data was possibly stolen during a hack on an electronic patient portal. QRS is a third-party vendor that provides electronic patient portals and related services to healthcare provider organizations. In early November, QRS reported that an attacker gained access to a single, dedicated patient portal server for three days in August, leading to the unauthorized access to and likely exfiltration of patient-related data. The lawsuit shows the client was Lexington Heart Specialists in Kentucky.


Prosecutors File Additional Charges Against Former Uber Security Chief Over 2016 Data Breach Cover Up

Permalink - Posted on 2022-01-06 16:00

Additional charges have been added to the indictment against a former Uber chief security officer over his alleged involvement in the cover-up of a hack against the ride-hailing app in 2016. Wire fraud has joined the list of charges pending against Joseph Sullivan, 52, of Palo Alto, California over his alleged concealment of a 2016 attack that exposed 57 million user and 600,000 driver records. The latest charges – handed down in a superseding indictment returned by a federal grand jury – add to previous charges of obstruction of justice and ‘misprision of a felony’.


SlimPay Fined €180,000 After 12 Million Customers' Bank Data Publicly Accessible for 5 Years

Permalink - Posted on 2022-01-06 16:00

The firm describes itself as a leader in recurring payments for subscriptions, and provides an API and processing service to take care of such payments on behalf of client organisations, which include Unicef, BP, and OVO Energy, to name but a few. However, it appears that in 2015 SlimPay undertook an internal research project into an anti-fraud mechanism, for which it used personal data contained in its customer databases for testing purposes. Using real data is a good way to ensure that development code is working as expected before live deployment, but when you are dealing with sensitive information such as bank account details, great care must be taken not to fall foul of data protection regulations. Alas, according to CNIL (Commission nationale de l'informatique et des libertés), when SlimPay's research project ended in July 2016, the data was left in place on a server that was freely accessible from the public internet without any security procedures in place. Worse still, the company was apparently unaware of this situation until February 2020, when one of SlimPay's customers became aware of the server and tipped it off.


Almost 80,000 Patients Affected by Cyber Attack on Fertility Centers of Illinois

Permalink - Posted on 2022-01-06 16:00

Fertility Centers of Illinois (FCI) has recently notified 79,943 current and former patients that some of their protected health information may have been viewed or obtained by unauthorized individuals. FCI identified suspicious network activity on February 1, 2021, and took prompt action to secure its systems. Independent forensic investigators were then engaged to determine the nature and scope of the security breach. FCI had implemented security measures to keep patient data secure, and those measures ensured its electronic medical record system could not be accessed; however, the attackers were found to have accessed administrative files and folders. A review of those files confirmed on August 27, 2021, that they contained a range of patient data including names in combination with one or more of the following types of information: Social Security numbers, passport numbers, financial account information, payment card information, diagnoses, treatment information, medical record numbers, billing/claims information, prescription information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, referring physicians, usernames and passwords with PINs or account login information. Employee information was also potentially compromised including names, employer-assigned identification numbers, ill-health/retirement information, occupational health-related information, medical benefits and entitlements information, patkeys/reason for absence, and sickness certificates.


FTC Settles with Data Analytics Firm After Millions of Americans' Mortgage Files Exposed

Permalink - Posted on 2022-01-06 16:00

The Federal Trade Commission has approved a settlement with a mortgage data analytics firm for a 2019 security lapse that exposed millions of sensitive mortgage documents containing the private information of thousands of Americans. The settlement, announced in late December, orders the Texas-based firm Ascension to strengthen its security practices and ensure that its vendors also maintain proper data security safeguards. The order comes two years after a TechCrunch investigation found that OpticsML, a New York-based vendor working for Ascension, left a database of highly sensitive financial data exposed to the internet without a password. No financial penalties were imposed as part of the settlement. The FTC accused Ascension of failing to ensure that its vendors were complying with data security safeguards as required by the Gramm-Leach-Bliley Act’s Safeguards Rule. Many of the 24 million records exposed by the security lapse included names, dates of birth, Social Security numbers and other sensitive personal information that revealed intimate details of a person’s financial life. TechCrunch also found exposed bank account information and loan agreements. A data breach notice filed with the California attorney general’s office revealed credit files and driver’s license numbers were also exposed. According to the FTC, more than 60,000 Americans were affected by the lapse.


Administrative Fine Imposed on Psychotherapy Center Vastaamo for Data Protection Violations

Permalink - Posted on 2022-01-06 16:00

The psychotherapy centre Vastaamo notified the Data Protection Ombudsman about an attack against its patient record database in September 2020. In October 2020, the Office of the Data Protection Ombudsman started an investigation into the legality of Vastaamo’s operations. Based on a technical investigation by the data security company Nixu in October 2020, the Deputy Data Protection Ombudsman finds that Vastaamo must have become aware that the patient data had disappeared and that it may have ended up in the possession of an external attacker already in March 2019. Vastaamo should have reported the breach both to the supervisory authority and its customers without delay. The Deputy Data Protection Ombudsman finds that the personal data had not been appropriately protected against unauthorised and illegal processing or accidental disappearance, and Vastaamo had not implemented basic measures to ensure the safe processing of personal data. Due to insufficient documentation, Vastaamo was not able to prove that it would have complied with the appropriate safety requirements, either. The Deputy Data Protection Ombudsman issued Vastaamo a reprimand on violating the GDPR. The sanctions board of the Office of the Data Protection Ombudsman imposed an administrative financial sanction of EUR 608 000 on Vastaamo. The sanctions board considers the acts of negligence extremely serious and Vastaamo’s actions in neglecting the duty to notify intentional. Furthermore, the violations were long-lasting. Vastaamo was declared bankrupt in February 2021. An administrative fine is the lowest priority claim in a bankruptcy. Therefore, the financial sanction will not reduce the funds available for other claims in bankruptcy, such as potential compensation for damages.


FTC to Go After Companies That Ignore Log4j

Permalink - Posted on 2022-01-05 17:00

The Federal Trade Commission (FTC) will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” according to the warning. Those companies that bungle consumer data, leaving vulnerabilities unpatched and thus opening the door to exploits and the resulting possible “loss or breach of personal information, financial loss and other irreversible harms,” are risking consequences tied to weighty laws that have resulted in fat fines, the FTC said.


UScellular Discloses Data Breach After Billing System Hack

Permalink - Posted on 2022-01-05 17:00

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. The mobile carrier said in data breach notification letters sent to 405 impacted individuals that the attackers also ported some of the affected customers' numbers using personal information stolen in the incident. After hacking into UScellular's CRM system, the attackers could also view customers' account information, including their phone numbers and addresses.


Britain: Black Country Hospital Trust Suffers Significant IT Data Loss

Permalink - Posted on 2022-01-04 16:00

It is understood the incident happened last month and is said to have 'disrupted' over 20 systems across Sandwell and West Birmingham Hospitals NHS Trust, which runs Birmingham's City Hospital, Rowley Regis Hospital and Sandwell General Hospital. Richard Beeken, the trust's chief executive, says some eye patients were affected, with some operations and procedures being postponed 'on assessment of clinical risk'. In a report to the trust's board of directors, which calls it a 'major IT incident', Mr Beeken says: "Scanning continues and we are working to recover all historic images and patient contact details."


Saltzer Health Informs Patients of Personal Information Exposure

Permalink - Posted on 2022-01-04 16:00

Intermountain Healthcare-owned Saltzer Health is informing patients that their personal information might have been compromised after an unauthorized party gained access to an employee email account. The organization, which operates 12 clinics and urgent care facilities in Boise, Caldwell, Meridian, and Nampa, Idaho, said the attackers had access to the employee email account between May 25 and June 1, 2021. An investigation into the incident revealed that the email account did contain personal information that was potentially compromised during the period of unauthorized access, the company said in a statement.


Skimmer Injected Into 100 Real Estate Websites via Cloud Video Platform

Permalink - Posted on 2022-01-04 16:00

More than 100 real estate websites belonging to the same parent company were injected with web skimmer code via an unnamed cloud video platform. Increasingly popular, skimmer attacks involve the use of malicious JavaScript code to steal data provided by users on the targeted website. The attack was possible because the abused cloud video platform allows users to add their own JavaScript customizations to players, by uploading a JavaScript file that is included in the player. Leveraging this function, the threat actors provided a script that could be modified upstream, which allowed them to add the malicious content after the player was created.


Morgan Stanley to Pay $60 Million to Resolve Data Security Lawsuit

Permalink - Posted on 2022-01-03 17:00

Morgan Stanley agreed to pay $60 million to settle a lawsuit by customers who said the Wall Street bank exposed their personal data when it twice failed to properly retire some of its older information technology. A preliminary settlement of the proposed class action on behalf of about 15 million customers was filed on Friday night in Manhattan federal court, and requires approval by U.S. District Judge Analisa Torres. Customers accused Morgan Stanley of having in 2016 failed to decommission two wealth management data centers before the unencrypted equipment, which still contained customer data, was resold to unauthorized third parties. They also said some older servers containing customer data went missing after Morgan Stanley transferred them in 2019 to an outside vendor. Morgan Stanley later recovered the servers, court papers show.


Portuguese Newspaper Hacked by Group That Attacked Ministry of Health

Permalink - Posted on 2022-01-03 17:00

The Portuguese newspaper Expresso was attacked by hackers at dawn this Sunday, the 2nd. Those responsible for the intrusion are the Lapsus Group, the same team that shut down the Ministry of Health’s systems last December. The newspaper’s website displays a page similar to the one shown in the attack on the Brazilian government agency. The hackers announced that they will leak data if they are not paid, and said they have control of the portal’s hosting system. Neither the stolen information nor the amount required was detailed.


Shopping Platform PulseTV Discloses Potential Breach Impacting 200,000 People

Permalink - Posted on 2022-01-03 17:00

PulseTV has started notifying roughly 200,000 users that their personal information and credit card data might have been compromised as a result of a cybersecurity breach. According to the online shopping platform, its website (pulsetv.com) was “a common point of purchase” for a series of unauthorized credit card transactions, and both VISA and MasterCard cards have been affected. In the notification letter to the affected individuals (a copy of which was submitted to the Maine Attorney General’s Office), PulseTV explains that it was first alerted of the suspicious activity by VISA, in March 2021.


Hospitality Chain Says Employee Data Stolen in Ransomware Attack

Permalink - Posted on 2022-01-03 17:00

Hospitality chain McMenamins has confirmed that employee information dating back to January 1998 was compromised in a recent data extortion ransomware attack. McMenamins, which operates a chain of breweries, pubs, hotels, and music venues in Oregon and Washington, says it blocked the attack on December 12, but warned that data of both current and past employees was compromised. The company has sent notification letters to individuals it employed between July 1, 2010 and December 12, 2021, encouraging past employees (January 1, 1998 to June 30, 2010) to visit its website for instructions on protecting their data. In a statement, the company said compromised data includes names, birth dates, physical and email addresses, phone numbers, race, ethnicity, gender, Social Security numbers, performance and disciplinary notes, income and retirement contribution amounts, and medical information such as disability status and health insurance plan elections. In addition, McMenamins says that the attackers might have been able to access “files containing direct deposit bank account information,” but notes that no evidence that they did has been found.


Broward Health Discloses Data Breach Affecting 1.3 Million People

Permalink - Posted on 2022-01-03 17:00

The Broward Health public health system has disclosed a large-scale data breach incident impacting 1,357,879 individuals. Broward Health is a Florida-based healthcare system with over thirty locations offering a wide range of medical services and receives over 60,000 admissions per year. The healthcare system disclosed a cyberattack on October 15, 2021, when an intruder gained unauthorized access to the hospital's network and patient data.


SEGA Europe Left AWS S3 Bucket Unsecured Exposing Data and Infrastructure to Attack

Permalink - Posted on 2022-01-03 17:00

The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services, along with MailChimp and Steam keys that allowed access to those services in SEGA’s name. The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.


Patient Data Stolen in Cyber Attack on the Medical Review Institute of America

Permalink - Posted on 2021-12-29 16:00

The Medical Review Institute of America (MRoiA) suffered a suspected ransomware attack in November 2021 in which sensitive patient data were stolen. MRoiA is provided with patient data by HIPAA-covered entities as part of the clinical peer review process of healthcare services. In a data breach notice provided to the Vermont attorney general, MRoiA said it was the victim of a sophisticated cyberattack that was detected on November 9, 2021. Third-party cybersecurity experts were immediately engaged to conduct a forensic investigation to determine the nature and scope of the attack and to assist with its remediation efforts, including restoring its systems and operations. On November 12, 2021, MRoiA discovered the attackers had exfiltrated sensitive data, including patients’ electronic protected health information (ePHI). MRoiA did not state in the breach notification letter whether ransomware was involved, although the attack has the hallmarks of a double-extortion ransomware attack. MRoiA said the investigation into the attack is ongoing and a review of the compromised files has been completed. Individuals affected by the attack have had their full names compromised in addition to one or more of the following data elements: Gender, home address, phone number, email address, date of birth, Social Security number, medical history, diagnosis, treatment information, dates of service, lab test results, prescription information, provider name, medical account number (and other data stored in medical files/records), health insurance information, and claims information.


Over 212,500 Patients Affected by 2020 Email Account Breach at Florida Digestive Health Specialists

Permalink - Posted on 2021-12-29 16:00

The Bradenton, FL-based gastroenterology healthcare provider Florida Digestive Health Specialists (FDHS) has recently started notifying more than 212,000 patients that some of their protected health information has been exposed in a December 2020 cyberattack. The amount of data present in the compromised email accounts was provided as a reason for a 12-month delay in issuing notification letters to affected patients. FDHS said the review of the email accounts was time-consuming and only concluded on November 19, 2021.


Indian Authorities Set to Tighten Data Breach Laws in 2022

Permalink - Posted on 2021-12-29 16:00

The Reserve Bank of India (RBI) is adding new restrictions on who can hold payment card data, starting from January 1, 2022. Under the new rules, only the card issuer and card network can hold full card details. Others, including retailers, can only hold limited data for identification or “reconciliation purposes”. These data include the last four digits of the card number and the card issuer’s name. Any organization other than the card issuer or network that holds full card data needs to purge it. Organizations in India will be forced to disclose any data breach within 72 hours, with potential jail terms or fines being introduced for those who intentionally disclose personal data without the consent of the data processor. Firms will need to report any leaks and take “appropriate remedial measures” to protect their customers following a breach.


Another T-Mobile Cyber Attack Reportedly Exposed Customer Information and SIMs

Permalink - Posted on 2021-12-29 16:00

T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. This time around, attackers accessed “a small number of” customers’ accounts, according to documents posted by The T-Mo Report. According to the report, customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information exposed, or both. The document shows that the customer proprietary network information that was viewed could’ve included customers’ billing account name, phone and account number, and info about their plan, including how many lines were attached to their account.


Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom

Permalink - Posted on 2021-12-29 16:00

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish customer data should ONUS refuse to comply. After the company's refusal to pay the ransom, threat actors put up data of nearly 2 million ONUS customers for sale on forums.


Cyber Attack on One of Norway's Largest Media Companies Shuts Down Presses

Permalink - Posted on 2021-12-29 16:00

Amedia, the largest local news publisher in Norway, announced on Tuesday that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack. The attack is preventing the company from printing Wednesday’s edition of physical newspapers, and presses will continue to be halted until the issue is resolved, Amedia executive vice president of technology Pål Nedregotten said in a statement. The hack also impacts the company’s advertising and subscription systems, preventing advertisers from purchasing new ads and stopping subscribers from ordering or canceling subscriptions. The company said it is unclear whether personal information has been compromised—the subscription system affected by the attack contains names, addresses, phone numbers, and subscription history of customers. Data such as passwords, read history, and financial information are not affected, the company said.


U.S. Logistics Company Exposes Fortune 500 Clients

Permalink - Posted on 2021-12-28 17:00

The Website Planet security team discovered a data breach affecting D.W. Morgan, a multinational supply chain management and logistics company based in the United States. An Amazon S3 bucket owned by D.W. Morgan was left accessible without authorization controls in place, exposing sensitive data relating to shipments and the company’s clients. As a market leader, D.W. Morgan provides services to some of the biggest companies in the world and there are major Fortune 500 organizations with data exposed on the open bucket. An Amazon S3 bucket owned by D.W. Morgan was misconfigured, exposing more than 2.5 million files equating to over 100GB of data. These files relate to D.W. Morgan’s clients and their shipments.


Accountancy Firm Facing Class Action Lawsuit Alleging Negligence and Breach Notification Failures

Permalink - Posted on 2021-12-27 17:00

The Chicago, IN-based certified public accounting firm Bansley & Kiener LLP is facing a class action lawsuit over a data breach that was reported to regulators this December. The breach in question occurred in the second half of 2020, with the investigation indicating hackers accessed its systems between August 20, 2020, and December 1, 2020. Bansley & Kiener discovered the breach on December 10, 2020, when ransomware was used to encrypt files. Bansley & Kiener explained in its breach notification letters that it was confirmed on May 24, 2021, that the attackers had exfiltrated data from its systems prior to encrypting files. Bansley & Kiener manages payroll, health insurance, and pension plans for its clients. In total, the sensitive information of 274,000 individuals was exposed or compromised, including names, dates of birth, Social Security numbers, passport numbers, tax IDs, military IDs, driver’s license numbers, financial account information, payment card numbers, health information, and complaint claims. While the attack was detected in December 2020, it took until December 2021 for notification letters to be issued to affected individuals and for state attorneys general and the HHS’ Office for Civil Rights to be notified about the breach, 6 months after it was confirmed that sensitive data was stolen in the attack. The lawsuit was filed by Mason Lietz & Klinger LLP in the Circuit Court, First Judicial Circuit of Cook County, Illinois on behalf of plaintiff Gregg Nelson. The lawsuit alleges Bansley & Kiener failed to safeguard the sensitive data of its clients and failed to provide timely, accurate, and adequate notice of the data breach to individuals whose sensitive information was stolen.


IT Services Firm Inetum Discloses Ransomware Attack

Permalink - Posted on 2021-12-27 17:00

French IT services company Inetum Group revealed just before Christmas that it had fallen victim to a ransomware attack, but claimed that impact on its operations was limited. According to the company, only its operations in France were affected by the cyberattack, with other operations remaining unharmed.


Shutterfly Services Disrupted by Conti Ransomware Attack

Permalink - Posted on 2021-12-27 17:00

On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers. While BleepingComputer has not seen the negotiations for the attack, we are told that they are in progress and that the ransomware gang is demanding millions of dollars as a ransom. Conti also claims to have the source code for Shutterfly's store, but it is unclear if the ransomware gang means Shutterfly.com or another website. After contacting Shutterfly on Friday about the attack, BleepingComputer was sent a statement confirming the ransomware attack late Sunday night.


Alibaba Suffers Government Crackdown Over Log4j

Permalink - Posted on 2021-12-23 18:00

Chinese tech giant Alibaba has reportedly been shunned by China’s top tech regulator for failing to report the infamous Log4j vulnerability quickly enough. Local media claimed that the firm’s Alibaba Cloud business, which has a large team of security researchers, failed to report the issue to the Ministry of Industry and Information Technology (MIIT). According to news site Protocol, a Chinese regulation dubbed Provisions on Security Loopholes of Network Products was in force as of September. It mandates vulnerabilities be reported immediately to the manufacturer and within two days to the Chinese authorities. As a result, Alibaba Cloud has reportedly been suspended from MIIT’s threat information sharing platform for six months.


Up to 120,000 Cops May Have Legal Claim Over 2019 Breach

Permalink - Posted on 2021-12-23 18:00

Lawyers are seeking a “group litigation order” against the Police Federation (PFEW) over a 2019 ransomware breach which they say may have impacted 120,000 officers. Keller Lenkner UK said it served notice this week to the staff association for police constables, sergeants, inspectors and chief inspectors in England and Wales. It intends to seek the order from the High Court in early 2022. As reported by Infosecurity at the time, the PFEW’s IT systems were first hit on March 9 2019, and then again ten days later. It claimed that several databases and systems at its Surrey headquarters had been affected.


Brazil's Health Ministry Suffers Two Ransomware Attacks in One Week

Permalink - Posted on 2021-12-23 18:00

While it is far from uncommon for an organization to announce that it has been hit by a ransomware attack, two in one week is an unusual event. Brazil’s Health Ministry is looking at extended downtime for the system that processes Covid-19 vaccination data as it attempts to recover from this exact situation, dealing with two major attacks that came just four days apart. It is still unclear if the two ransomware attacks came from the same source, but the first may have had an element of activism to it. A hacking outfit called Lapsus$ Group claimed credit, targeting and deleting the vaccination data needed to issue the country’s digital inoculation certificates. The follow-up attack was less successful, but targeted the same data and did enough damage to delay the restoration of Health Ministry systems.


The Medical Review Institute of America Notifies Patients of Ransomware Incident

Permalink - Posted on 2021-12-23 18:00

MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds like they did because their notification states that to the best of their ability and knowledge, they “retrieved and subsequently confirmed the deletion” of their information.


German Court Rules in Favor of Plaintiff Which Suffered "Pain and Suffering" After Data Breach

Permalink - Posted on 2021-12-23 18:00

A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe. According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages for non-material damage because he was affected by the Scalable data leak. The plaintiff from southern Germany is one of the 33,200 Scalable Capital customers whose e-mail addresses, copies of ID cards, photos and account numbers ended up on the Darknet between April and October 2020 as a result of a data leak.


New Jersey Volunteer EMS Agency Says Patient Data Was Breached

Permalink - Posted on 2021-12-23 18:00

A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees. The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are part of the EMS Council of New Jersey 17th and 18th Districts inadvertently found that the state health department’s office of EMS gave the New Jersey State Police’s Fatal Accident Reporting System access to an electronic medical records system used by ambulance services throughout New Jersey. This is said to be administrator access, which is high-level, without oversight, and includes access to medical records.


Pro Wrestling Tees Discloses Data Breach After Credit Cards Stolen

Permalink - Posted on 2021-12-23 18:00

Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees said it was informed by law enforcement on November 01, 2021, that a small portion of its customers' credit card numbers had been compromised. The entity informed the Office of the Maine Attorney General about the incident on December 22, 2021, saying the incident affected 31,000 customers.


Albanian Prime Minister Apologizes Over Database Leak

Permalink - Posted on 2021-12-23 18:00

Albania's prime minister on Thursday apologized for a big leak of personal records from a government database of state and private employees, which he said seems more like an inside job than a cyber attack. A file containing the personal identity card numbers, employment and salary data of some 637,000 people became public this week and was widely shared through messaging apps. Prime Minister Edi Rama said the leak is being investigated.


Virginia Still Working to Fix Issues After Ransomware Attack

Permalink - Posted on 2021-12-22 17:00

The information technology agency that serves Virginia’s legislature is still working to fix problems caused by a ransomware attack earlier this month, a state official said Tuesday. The attack substantially affected operations and occurred during preparations for a legislative session that is set to start Jan. 12. A top agency official told Virginia legislative leaders in an email obtained by The Associated Press last week that hackers using “extremely sophisticated malware” had accessed the system Dec. 10. A ransom note with no specific amount or date was sent, according to the email. All of the agency’s internal servers, including those for bill drafting, the budget system and the General Assembly voicemail system, were affected, the email said.


West Virginia: BEC Attack on Monongalia Health System

Permalink - Posted on 2021-12-22 17:00

A three-hospital health system in West Virginia has become the victim of a business email compromise (BEC) scam that began with a phishing attack. Monongalia Health System, Inc. (MHS) had no idea that its cybersecurity defenses had been penetrated until a vendor reported not receiving a payment from the healthcare provider on July 28, 2021. An investigation was launched, which determined that threat actors had compromised several email accounts belonging to MHS employees between May 10, 2021, and August 15, 2021, gaining unauthorized access to emails and attachments.


Hacking Incidents Reported by Southern Orthopaedic Associates and Eduro Healthcare

Permalink - Posted on 2021-12-22 17:00

Paducah, KY-based Southern Orthopaedic Associates (SOA) has started notifying 106,910 patients about a breach of some of their protected health information. SOA detected unauthorized activity in an employee email account on or around July 8, 2021. Steps were immediately taken to secure the account and an investigation was launched to determine the nature and scope of the breach. Assisted by a third-party computer forensics company, SOA determined that several employee email accounts had been compromised between June 24, 2021, and July 8, 2021; however, it was not possible to tell which, if any, emails in the account had been accessed.


Ghana Government Agency Exposed 700,000 Citizens’ Data in a Database Misconfiguration

Permalink - Posted on 2021-12-22 17:00

Ghana’s National Service Secretariat (NSS) exposed 55GB worth of citizens’ data when an AWS S3 bucket used by the Secretariat was misconfigured. The exposed database contained program membership cards and identity documents of the participants, including the Ghana National Health Insurance Scheme, professional IDs according to the candidate’s placement industry, etc.


British Council Struck by Two Ransomware Attacks in Five Years

Permalink - Posted on 2021-12-21 17:00

A major UK public body has fallen victim to two successful ransomware attacks over the past five years, official figures have shown. The data, obtained from a freedom of information (FoI) request by the Parliament Street think tank, revealed that the British Council suffered a total of 12 days of downtime due to the incidents; five days in the first and seven in the second. No ransom was paid in either incident.


Canada: Big White Issues Data Breach Alert

Permalink - Posted on 2021-12-21 17:00

A potential data breach due to possible malware on Big White’s servers has prompted an alert from the resort’s CEO. In an email sent Monday to all vendors and suppliers to Big White, including the resort’s utilities, president and CEO of Big White Peter Plimmer said the company’s servers experienced “an unauthorized intrusion” sometime before Sept. 10. Data accessed nefariously may include personal and business information, such as names, addresses, banking info, electronic funds transfer arrangements, and CRA business numbers. The resort has not been able to determine exactly when the unauthorized intrusion happened, but its technical incident response team said they believe it was likely during the first half of 2021.


Belgian Defense Ministry Admits Attackers Accessed Its Computer Network by Exploiting Log4j Vulnerability

Permalink - Posted on 2021-12-21 17:00

The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws. The attack took place last week, as reported by Flemish-language TV news station VRT, which said "some of the ministry's activities were paralysed for several days." Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational." He added: "This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach."


Ubisoft Confirms Just Dance Video Game Data Breach

Permalink - Posted on 2021-12-21 17:00

Ubisoft has announced a data breach after unknown actors targeted its popular video game franchise, Just Dance. The games developer confirmed that customer information may have been accessed after attackers took advantage of a “misconfiguration” to steal data. A statement from Ubisoft said that the breach was limited to ‘technical identifiers’ including GamerTags, profile IDs, and device IDs, as well as recordings of Just Dance videos that were uploaded to be shared publicly with the in-game community and/or on social media profiles.


Robocalls More Than Doubled in 2021, Cost Victims $30 Billion

Permalink - Posted on 2021-12-20 16:00

Wireless carrier T-Mobile just released its Scam and Robocall year-end report, and the numbers tell the story: Scam call traffic is up 116 percent over 2020, averaging about 425 million calls every week. According to T-Mobile, it cost wireless customers a projected $29.8 billion in 2021. T-Mobile pointed out that nuisance calls are the number one complaint received by the Federal Communications Commission (FCC). Last March, FCC Acting Chairwoman Jessica Rosenworcel announced hefty fines against scam telemarketers in Texas that were offering fake health insurance plans by phone. Rosenworcel demanded that voice communications service providers clamp down on rampant fraud, along with other new rules intended to cut down on the overwhelming volume of scam calls. Phone companies are required by the FCC to implement caller ID to reduce spoofing, to make consumer complaints public and to allow users to block calls that aren’t in their contact list.


Ransomware Operators Leak Data Stolen from Logistics Giant Hellmann

Permalink - Posted on 2021-12-20 16:00

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month. In an updated cyber incident statement published last week, the German company confirmed that the attackers stole data from its servers, although it did not provide details on the type of information that was compromised. However, Hellmann warned that its customers are experiencing an increasing number of fraudulent calls and emails following the incident, which suggests that malicious actors are already attempting to monetize the stolen information.


Hackers Attack Israeli Hiking Websites, Leak Personal Information

Permalink - Posted on 2021-12-20 16:00

A hacker group called Sharp Boys announced that it had hacked two Israeli hiking websites on Saturday, leaking the information of 100,000 users and offering the information of around three million people for sale. The leaked data includes emails, addresses, photos and phone numbers. The two affected sites were Tiyuli and Lametayel. The attack is the latest cyberattack to affect Israeli companies.


$30 Million Stolen from Grim Finance, Audit Firm Blames New Hire for Vulnerability

Permalink - Posted on 2021-12-20 16:00

DeFi protocol Grim Finance said about $30 million was stolen this weekend by hackers exploiting a vulnerability in their platform. In a statement posted to Twitter on Saturday, Grim Finance said "an advanced attack" was taking place and initially paused all vaults to prevent more attacks. Solidity Finance, a DeFi auditing firm, released an apology for missing the vulnerability that led to the incident. They audited Grim Finance just four months ago.


Sennheiser Exposed Personal Data of 28,000 Customers Online

Permalink - Posted on 2021-12-20 16:00

VPNMentor researchers have discovered that consumer audio giant Sennheiser accidentally left open an old cloud account containing customer data. On October 28, 2021, researchers Noam Rotem and Ran Locar of VPNMentor discovered an unsecured Amazon Web Services (AWS) server online containing data of over 28,000 Sennheiser customers. According to Sennheiser, the server contained data collected from the public through its various activities. Sennheiser failed to implement any security measures and data was accessible to anyone with a web browser. Researchers identified the data by files with company names and employee information.


Hackers Stole Over 1.8 Million People's Credit Card Data from Sports Gear Sites

Permalink - Posted on 2021-12-20 16:00

Four affiliated, well-known online sports gear websites have recently reported a massive cyberattack in which hackers compromised and stole more than 1.8 million people’s credit card information. A law firm representing the four websites has disclosed that the data breach took place on October 1st, 2021, and that the hackers compromised personal information and credit card information; for now, the firm has provided no further detail.


Ransomware Gang Publish Confidential Police Data on the Dark Web

Permalink - Posted on 2021-12-20 16:00

The Clop ransomware gang has published confidential data held by UK police on the dark web, according to reports over the weekend. The Mail on Sunday reported that the notorious cybercrime group accessed the information following a successful phishing attack on IT services provider Dacoll in October 2021. This provided Clop with access to vast amounts of material, including data held on the police national computer (PNC), which Dacoll manages. According to the Mail on Sunday, the attackers uploaded hundreds of files on the dark web after Dacoll refused to pay a ransom demand. Among the PNC files uploaded were close-up images of motorists taken from the UK’s National Automatic Number Plate Recognition (ANPR) system. It is currently unclear whether Clop holds other information held by the UK Police that it could release in the future.


Over 535,000 Individuals Affected by Ransomware Attack on Texas ENT Specialists

Permalink - Posted on 2021-12-17 17:00

Texas Ear, Nose & Throat Specialists P.A. (Texas ENT Specialists) has recently announced it was the victim of a cyberattack that was detected on October 19, 2021. A review of those files confirmed they contained the protected health information (PHI) of 535,489 patients, including names, dates of birth, medical record numbers, and procedure codes. A subset of individuals also had their Social Security numbers stolen.


Most Patients Don't Trust Their Healthcare Providers to Securely Store PII and Payment Information

Permalink - Posted on 2021-12-17 17:00

The HHS’ Office for Civil Rights, the main enforcer of HIPAA compliance, has stepped up enforcement of compliance with the HIPAA Rules in recent years and is increasingly imposing financial penalties for HIPAA Privacy and Security Rule violations. The survey confirmed that patients want healthcare providers to face financial penalties when they fail to ensure the confidentiality of healthcare data. 9 out of 10 patients were in favor of financial penalties for healthcare providers that fail to implement appropriate protections to prevent healthcare data breaches. Further, when data breaches occur, patients are willing to switch providers. 66% of patients said they would leave their healthcare provider if their PII or payment information was compromised in a data breach that occurred as a result of the failure to implement appropriate security measures. Another 2021 survey, conducted on behalf of Armis, had similar findings. 49% of patients said they would switch provider if their PHI was compromised in a ransomware attack. The pandemic has increased the risk patients face from healthcare data breaches. Before the pandemic, many patients paid their medical bills in person or by mail, but the Semafone survey showed both payment methods are in decline, with many patients now choosing to pay electronically. There has been a 28% fall in in-person payments and a 17% drop in mail-in payments. With financial information more likely to be stored by healthcare providers, the risk of financial harm from a data breach has increased substantially. Semafone explained in its 2021 State of Healthcare Payment Experience and Security Report that the increase in healthcare data breaches has led to patients having a heightened sense of awareness and interest in the processes their providers take to protect their information.


Gumtree Classifieds Site Leaked Personal Information via the F12 Key

Permalink - Posted on 2021-12-17 17:00

British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view a website's source code, monitor network requests, and view error messages produced by the website.


Australia: NSW Government Casual Recruiter Suffers Ransomware Hit

Permalink - Posted on 2021-12-17 17:00

IT recruitment firm Finite Recruitment has confirmed it experienced a cyber incident in October, which resulted in a "small subset" of the company's data being downloaded and published on the dark web. Finite Recruitment is listed on a leak site as one of the victims of the Conti ransomware for the purposes of double extortion. The listing shows the attackers claimed to have stolen more than 300GB of data, including financial data, contracts, customer databases with phone numbers and addresses, contracts with employees' passport details, phone numbers, mail correspondence, and other information.


Virginia Museum Shuts Down Website Amid IT Breach

Permalink - Posted on 2021-12-17 17:00

An information technology system security breach detected late last month prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation, the museum announced this week. Virginia State Police are investigating a ransomware attack on state legislative agencies, discovered late Sunday night.


60% of U.K. Workers Have Been Victim of a Cyber Attack

Permalink - Posted on 2021-12-16 17:00

There is a “dangerous” lack of awareness among UK workers towards cybersecurity, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack. The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all. Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19. The most prevalent types of attacks experienced by workers or their organizations were phishing (27%), data breaches (23%) and malware (20%). The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cybersecurity installed to ensure the issue is focused on more at a government level. Russian-backed cyber-criminals were considered to be the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).


France Orders Clearview AI to Delete Data

Permalink - Posted on 2021-12-16 17:00

France's data protection regulator has ordered American facial recognition software firm Clearview AI to stop illegally processing images. In a statement released today, the CNIL said that Clearview's facial recognition software relies on a database of photographs that was built by extracting photographs and videos that are publicly available on the internet. The data protection authority commanded Clearview to desist from extracting such images from people on French territory and to delete the data it had gathered in this manner within two months. The CNIL launched an investigation into Clearview AI in the spring of 2020 after the authority received complaints from individuals about the company's data practices. Investigators found that Clearview AI "does not respond effectively to requests for access and erasure. It provides partial responses or does not respond at all to requests." The association Privacy International also warned the CNIL about Clearview's data practices in May 2021.


New Jersey Fines Hackensack Healthcare Providers for PHI Breach and HIPAA Violations

Permalink - Posted on 2021-12-16 17:00

The New Jersey Division of Consumer Affairs has agreed to settle a data breach investigation that uncovered violations of the New Jersey Consumer Fraud Act and the federal Health Insurance Portability and Accountability Act (HIPAA). Hackensack, NJ-based Regional Cancer Care Associates is an umbrella name for three healthcare providers that operate healthcare facilities in 30 locations in Connecticut, New Jersey, and Maryland: Regional Cancer Care Associates LLC, RCCA MSO LLC, and RCCA MD LLC. Between April and June 2019, several employee email accounts were compromised. Employees had responded to targeted phishing emails and disclosed their credentials, which allowed the scammers to access their email accounts and the protected health information (PHI) of more than 105,000 individuals. The email accounts contained PHI such as names, Social Security numbers, driver’s license numbers, health records, bank account information, and credit card details.


Desjardins Reaches $200 Million Class Action Settlement in Wake of Data Breach

Permalink - Posted on 2021-12-16 17:00

Mouvement Desjardins announced on Thursday that it has reached a $200-million settlement with plaintiffs in a class action suit launched after a massive data breach in June 2019. The financial institution noted that the agreement must be approved by a Superior Court judge before it can go into effect. The agreement calls for a maximum of about $200.85 million to fund individual payments to those covered by the suit and who sought compensation. The settlement is aimed at current and former Desjardins members and customers or customers who hold or held credit cards or other financial products from Desjardins.


Transamerica Sued by 401(k) Participant Over Data Breach

Permalink - Posted on 2021-12-16 17:00

A breach of 401(k) participant data earlier this year prompted a class action lawsuit this month against Transamerica Retirement Solutions. In June, the company became aware of a change within one of its websites that let employer customers view compromising data about participants in other retirement plans, according to a notice posted by the State of California. That data included Social Security numbers, birth dates and other personally identifying information. The data was only viewable by plan administrators who had permission to access the site, the company stated in the disclosure sent in August to 401(k) participants. At the time, Transamerica said that it was unaware of any participant data being misused, it had fixed the glitch and would provide two years of identity monitoring services to people whose data were compromised. But that was insufficient, the plaintiff representing the proposed class said. The company failed to protect sensitive information and waited too long to make 401(k) participants aware of the problem, according to the Dec. 3 complaint filed in U.S. District Court in the Southern District of New York.


Colleges Finding Out the Hard Way About Surging Cyber Insurance Costs

Permalink - Posted on 2021-12-16 17:00

Higher education institutions seeking cybersecurity insurance today are not unlike homeowners living on the water in a hurricane-prone coastal community: the riskier the environment, the harder it is to get insured. For both community colleges and four-year institutions, cyberthreats are now very pronounced, and that reality has led to more institutions facing cyberinsurance premium hikes of as much as 400 percent—or even discovering they are uninsurable.


New Jersey Cancer Care Provider to Pay $425,000 to Settle Investigation into Two Data Breaches

Permalink - Posted on 2021-12-16 17:00

Acting Attorney General Andrew J. Bruck today announced that the Division of Consumer Affairs has reached a settlement with three New Jersey-based providers of cancer care that the State alleges failed to adequately safeguard patient data, exposing the personal and protected health information of 105,200 consumers, including 80,333 New Jersey residents. Under the terms of the settlement, Regional Cancer Care Associates LLC, RCCA MSO LLC, and RCCA MD LLC (collectively, “RCCA”)—all headquartered in Hackensack, but with 30 locations throughout New Jersey, Connecticut and Maryland—have agreed to pay $425,000 and adopt additional privacy and security measures to safeguard individuals’ protected health information and personal information to resolve the State’s investigation into alleged violations of the New Jersey Consumer Fraud Act and the federal Health Insurance Portability and Accountability Act (“HIPAA”).


Ireland: Ransomware Cyber Attack Hits Coombe Hospital

Permalink - Posted on 2021-12-16 17:00

The Coombe Hospital has been the subject of a ransomware cyberattack overnight, the hospital has confirmed. The maternity and infants hospital said that services are continuing as normal despite the cyberattack on Wednesday night. The hospital isolated and locked down its IT services once the attack was discovered “on a precautionary basis” and is working with the HSE to resolve the issue. The HSE has also confirmed it is assessing whether this will have a broader impact on the health service.


Portland, Oregon's McMenamins Targeted by Ransomware Attack

Permalink - Posted on 2021-12-16 17:00

Portland hotel and brewpub chain McMenamins was hit with a ransomware attack that may have compromised employees' personal information, but no customer payment information appears to have been impacted, the company said Wednesday. A ransomware attack occurs when a cybercriminal deploys malicious software to block access to a company's computer system. The system is supposed to remain blocked until a fee is paid to the attacker. McMenamins said the ransomware attack was identified and blocked on Dec. 12. The company said it notified the FBI and hired a cybersecurity firm to identify the source and full scope of the attack. In a news release, the company said it's possible that employee data such as names, addresses, dates of birth, Social Security numbers, direct deposit bank account information and benefits records may have been obtained, but "it is not currently known whether that is the case."


Grindr Fined €6.5 Million for Selling User Data Without Explicit Consent

Permalink - Posted on 2021-12-15 17:00

Dating app Grindr has been fined €6.5m (£5.5m) for selling user data to advertisers without their explicit consent. The fine was issued by the Norwegian Data Protection Authority (DPA) for “grave” infringements of GDPR rules. This was because Grindr shared highly sensitive ‘special category’ data with third parties without users' explicit consent, which is a requirement under the regulation. This includes GPS location, IP address, advertising ID, age and gender. Additionally, the third parties knew the user was on Grindr, a dating app for gay, bi, trans and queer people, meaning their sexual orientation data was exposed. Users were forced to agree to the company’s privacy policy without being asked specifically if they consented to the sharing of their data for behavioral purposes. Tobias Judin, head of the Norwegian DPA’s international department, explained: "Our conclusion is that Grindr has disclosed user data to third parties for behavioral advertisement without a legal basis." The €6.5m penalty is the largest fine issued by the Norwegian data protection authority. However, this figure was reduced from £8.6m after Grindr provided details about its financial situation and had changed permissions on its app. However, the regulator added that it has not assessed whether this new consent mechanism complied with GDPR.


Chicago Accountancy Firm Discovers Data was Stolen in December 2020 Ransomware Attack

Permalink - Posted on 2021-12-15 17:00

The Chicago, IL-based accountancy firm Bansley and Kiener LLP has announced it was the victim of a December 2020 ransomware attack that saw certain files within its systems encrypted. The attack only caused temporary disruption, and it was possible to restore all encrypted systems from backups and rapidly return to normal operations. The attack occurred on December 10, 2020, and the subsequent investigation into the incident found no evidence of data theft and confirmed that the breach had been fully contained. However, Bansley and Kiener said in a December 3, 2021 data breach notification letter that the firm learned on May 24, 2021, that the attackers had exfiltrated some files from its systems, and those files contained sensitive client information. A third-party cybersecurity firm was engaged to assist with the subsequent investigation and while it was not possible to confirm the specific types of information that had been accessed and exfiltrated, on August 24, 2021, the investigation confirmed the names and Social Security numbers of some individuals may have been obtained by the attackers.


Almost 50,000 Health Plan Members Affected by Ransomware Attack on Broward County Public Schools

Permalink - Posted on 2021-12-15 17:00

In March 2021, ransomware was used in an attack on Broward County Public Schools in Florida and files were encrypted. The investigation into the breach revealed access to the school network was first gained by unauthorized individuals on November 12, 2020, with the ransomware deployed on March 6, 2021. The attack was detected on March 7, 2021. The hackers demanded a ransom payment of $40 million for the keys to decrypt files, which was later reduced to $10 million, but the school district refused to pay. Initially, it did not appear that any sensitive data had been obtained in the attack, but on April 19, 2021, it was discovered that some files stored on its systems had been stolen when they were released publicly on the Conti ransomware gang’s data leak website.


Web App Attacks Surge 251% in Two Years

Permalink - Posted on 2021-12-15 17:00

Web application attacks on UK businesses have soared by over 250% since October 2019, driving a surge in data breaches, according to Imperva. The security vendor analyzed nearly 4.7 million web application-related cybersecurity incidents over the period to find that attacks are increasing, on average, by 22% each quarter. This is likely to be fuelling a vast increase in data breaches. Remote code execution (RCE) and remote file inclusion (RFI) attacks, often used to steal information and hijack websites, surged by 271% over the two years. In fact, previous research from Imperva Research Labs found that half (50%) of all data breaches begin with web applications. The research estimated that around 20 billion compromised records would stem from web app attacks this year. More concerning still is that recorded web app attacks increased by 68% from Q2 to Q3 2021, as threat actors sought to flood underground sites with stolen data ahead of the Christmas shopping period.


Propane Gas Distributor Hit with Ransomware

Permalink - Posted on 2021-12-15 17:00

Propane gas distributor Superior Plus Corp. today disclosed that it was a victim of a ransomware attack on Dec. 12. Superior, which supplies more than 780,000 customers in the US and Canada, said it had "temporarily disabled" some of its systems in the wake of the attack and is working to get them back online.


Planned Parenthood Los Angeles Facing Class Action Lawsuit Over Breach

Permalink - Posted on 2021-12-14 16:00

Planned Parenthood Los Angeles (PPLA) is facing a class action lawsuit over a ransomware attack that was discovered on October 17, 2021. The cyberattack exposed the protected health information of more than 409,759 patients. In the notification letters sent to affected individuals on November 30, 2021, PPLA explained that its systems were breached on October 9, 2021, and the hackers had access to files containing PHI until October 17, when they were ejected from the network. The files on the affected systems contained names, addresses, birth dates, diagnoses, treatment, and prescription information, and some files were exfiltrated from its network prior to file encryption. PPLA said it has found no evidence to suggest patient data has been misused. A PPLA patient whose PHI was exposed in the data breach has taken legal action over the incident. The lawsuit was filed in the U.S. District Court of Central California and alleges the patient, and class members, have been placed at imminent risk of harm as a result of the theft of their sensitive health data, which included electronic health records that detail the procedures performed by PPLA such as abortions, treatment of sexually transmitted diseases, emergency contraception prescriptions, cancer screening information, and other highly sensitive health data.


PHI of 750,000 Patients of Oregon Anesthesiology Exposed

Permalink - Posted on 2021-12-14 16:00

On July 11, 2021, Oregon Anesthesiology Group discovered it was the victim of a ransomware attack. Files on its systems had been encrypted, which prevented access to its servers and patient data. A digital forensics firm was engaged to investigate the breach and it was confirmed that patient and employee information had been compromised, with the affected parts of its network found to contain files that included names, addresses, dates of service, diagnosis and procedure codes and descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Employee data potentially compromised in the attack included names, addresses, Social Security numbers, and other information contained in W-2 forms. The forensic investigation revealed that once the hackers had gained access to its network, they data-mined administrator credentials which allowed them to access encrypted data on its network.


Idaho: Ransomware Attacks Shelley School District Computers

Permalink - Posted on 2021-12-14 16:00

The Shelley School District was a victim of a ransomware attack. The attack was discovered on Dec. 6. They reported the incident to the FBI and are now working with a digital forensics service to help restore their servers.


Brazilian Ministry of Health Hit by Second Cyber Attack in Less Than a Week

Permalink - Posted on 2021-12-14 16:00

Brazil's Ministry of Health has suffered a second cyberattack in less than a week, which has compromised various internal systems, including the platform that holds COVID-19 vaccination data. The news emerged after a first major ransomware attack three days earlier, from which the department was still recovering. Confirming the second attack on Monday (13) evening, health minister Marcelo Queiroga said the latest event, which took place in the early hours of that same day, was smaller than the first attack. According to Queiroga, the department is working to recover the systems as soon as possible. However, he said the second attack means ConecteSUS, the platform that issues COVID-19 vaccine certificates, would not be back online today (14) as originally planned.


Virginia Legislative Agencies and Commissions Hit with Ransomware Attack

Permalink - Posted on 2021-12-14 16:00

Alena Yarmosky, spokesperson for Virginia Governor Ralph Northam, said the governor has been briefed on the attack, which currently affects Virginia's Division of Legislative Automated Systems, the General Assembly's IT agency. Yarmosky did not respond to requests for comment about the specifics of the attack. Legislative leaders in the state were emailed about the incident and told that hackers attacked the state systems on Friday. The attack took down the website for the Division of Capitol Police, and all of the internal systems for bill drafting or bill referrals were hit hard during the ransomware incident, according to The Associated Press. The Assembly's voicemail system was down, and many of the systems involved in budgeting were disrupted due to the attack. The Virginia Law Portal is also down because of the attack.


Human Resources Service Kronos Hit by Ransomware

Permalink - Posted on 2021-12-14 16:00

Kronos Private Cloud has been hit by a ransomware attack. The company, also known as Ultimate Kronos Group (UKG), provides timekeeping services to companies employing millions of people across the world. Emails sent by Kronos to its corporate customers, seen by The Register, confirm the firm has pulled its private cloud services offline following a ransomware attack. It is advising customers to deploy "alternative business continuity protocols" – a move with potential implications for Britons' Christmas pay packets.


Crypto Exchange AscendEX Hacked, Losses Estimated at $77 Million

Permalink - Posted on 2021-12-13 16:00

AscendEX announced via Twitter that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million).


Poland: Personal Data Leaked from the Commune Office in Nowiny

Permalink - Posted on 2021-12-13 16:00

The announcement was published on the office’s website and on social media. According to the information published by the office, one of the employees accidentally opened an infected link that launched the malware and encrypted the server. The administrator found out about the data leak from four databases on December 9. Data seized by unknown perpetrators includes: name and surname, mother’s maiden name, place of residence, date and place of birth, PESEL number, ID number, bank account number and contact telephone number.


Canadian Privacy Commissioner: BMO Security Breach in 2017 Affected 113,000 Client Accounts

Permalink - Posted on 2021-12-13 16:00

A 2017 data breach that exposed personal information belonging to more than 113,000 Bank of Montreal customers exploited “significant weaknesses” in the bank’s safeguards that have since been strengthened, according to a report from the Privacy Commissioner of Canada. BMO previously disclosed the breach in May, 2018, after receiving a ransom demand from hackers, who threatened to release private customer information if their demands weren’t met. The bank refused to pay. At the time, BMO said the attack likely compromised information belonging to fewer than 50,000 clients. In fact, the report says, two separate attacks managed to steal personal information belonging to 113,154 customers over a six-month span in 2017.


Massachusetts: Northeastern Cancels Vaccination Clinics After Third-Party Information Leak

Permalink - Posted on 2021-12-13 16:00

COVID-19 vaccination clinics scheduled on Northeastern University’s Boston campus have been cancelled following the discovery of registrants’ personal information being exposed by Pelmeds, a third-party vaccine provider.


News Group Settle News of the World and Sun Hacking Claims

Permalink - Posted on 2021-12-10 16:00

On 8 and 9 December 2021 the settlement of 15 phone hacking claims against News Group Newspapers was announced. A series of statements in open court were read before Fancourt J, culminating in a high profile and hard hitting unilateral statement in open court by Sienna Miller. Speaking outside court Ms Miller, who was represented by Thomson Heath and Associates, said the newspaper thought it was “above the law”. She said the Sun’s actions “shattered me, damaged my reputation – at times beyond repair”, causing her to accuse family and friends of selling information “in a state of intense paranoia and fear”.


30% of Online Users Suffered Security Breaches Due to Weak Passwords

Permalink - Posted on 2021-12-10 16:00

A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported password leaks and security breaches owing to poor password practices and weak password setups. The research highlights a few common poor password practices of users, such as sharing passwords with colleagues, family members, and friends; jotting down passwords on sticky notes, papers, planners; changing passwords only when prompted; or using the same passwords for multiple sites.


75% of Firms Admit Sub-Optimal IoT Security

Permalink - Posted on 2021-12-10 16:00

Global businesses have become more risk aware as they deploy IoT projects, but over three-quarters (77%) admitted that these systems could be more secure, according to Inmarsat. The satellite communications company polled 450 individuals responsible for delivering IoT in their respective organizations around the world, to compile its report, Industrial IoT in the Time of COVID-19. The most commonly cited security challenges were an external cyber-attack on IoT systems (50%), poor network security (49%), insecure or unencrypted edge networks (44%) and employees mishandling data (44%). Yet elsewhere, there has been progress: nearly half (48%) of respondents claimed to have an IoT security policy in place, versus 32% in 2018. More businesses are also plugging in new security solutions (46% versus 33% in 2018) and creating an external IoT security policy for suppliers and partners (41% compared to 29% in 2018). Unsurprisingly, those with a formal IoT strategy in place are more likely to deploy security measures, and if projects are driven from the top-down, purchasing decisions are more likely to include upgrades to security technology, the report found.


Volvo Targeted by Cyber Thieves

Permalink - Posted on 2021-12-10 16:00

Cyber-thieves hacked into the computer network of Swedish car manufacturer Volvo and exfiltrated research and development secrets. The carmaker posted a notice on its website yesterday stating that it had suffered a cybersecurity breach in which a limited amount of data was stolen. Though the quantity of data swiped in the incident was small, Volvo warned that its loss may have an impact on the company’s operations. Volvo did not disclose the date on which the attack took place, how long it lasted, or when it was detected. The company shared only sparse information regarding the nature of the attack, describing it as involving a breach of one of its file repositories by a third party.


Ransomware Attack Affects 81,000 Howard University College of Dentistry Patients

Permalink - Posted on 2021-12-10 16:00

Howard University College of Dentistry discovered on September 3, 2021, that unauthorized individuals had gained access to its network and used ransomware to encrypt files. An announcement was made by the university shortly after the attack that it had been forced to cancel online and hybrid classes while its systems were restored, and that a nationally recognized computer forensics firm had been engaged to investigate the incident to determine the extent of the attack and whether sensitive information was accessed or stolen. The encrypted records related to dental visits between October 5, 2019, and September 3, 2021, and included information such as names, contact information, dates of birth, dental record numbers, health insurance information, dental history information, and for a limited number of patients, Social Security numbers.


German Logistics Giant Hellmann Reports Cyber Attack

Permalink - Posted on 2021-12-10 16:00

Billion-dollar logistics firm Hellmann Worldwide Logistics reported a cyberattack this week that forced them to temporarily remove all connections to their central data center. The company said the shutdown was having a "material impact" on their business operations. In a statement, Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response.


South Australian Government Employee Data Taken in Frontier Software Ransomware Attack

Permalink - Posted on 2021-12-10 16:00

South Australia Treasurer Rob Lucas said on Friday that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. Lucas said the company has informed government that some of the data have been published online, with at least 38,000 employees and up to 80,000 government employees possibly having their data accessed. The data contained information on names, date of birth, tax file number, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related information.


Australian Electricity Provider CS Energy Hit by Ransomware

Permalink - Posted on 2021-12-09 17:00

Australian electricity provider CS Energy has been hit by a ransomware attack, but the company says electricity generation has not been affected and it has denied claims that the attack was conducted by a state-sponsored threat group. The attack was discovered on November 27 and the company informed the public about the incident a few days later. Queensland-based CS Energy, which is owned by the local government, provides electricity to millions of homes, as well as to large commercial and industrial customers in Queensland.


Hackers Publish Vestas Data Following Cyber Attack

Permalink - Posted on 2021-12-09 17:00

Hackers behind last month’s cyber attack on Vestas, the world’s largest wind turbine manufacturer, have published a portion of the compromised data online. That's according to a statement published by the company, in which it advised customers and business partners to “stay vigilant” as there's a possibility that their personal data may be misused.


Sophisticated Identity Document Fraud Increased 57% Over Previous Year

Permalink - Posted on 2021-12-09 17:00

Over the past 12 months, 47% of all identity document fraud was classed as ‘medium’ sophisticated fraud, which is a 57% increase over the previous year, an Onfido report reveals. Identity theft losses increased 42% in 2020, reaching $712 billion, making digital identity verification critical for enterprises. Whether for financial services, retail, or healthcare, verifying that an online user is legitimate and present defines customer trust and determines if you’re a leader or laggard in the digital economy. As consumers become more comfortable with digital transactions, fraudsters have remained online with them, as the report found that identity fraud is yet to return to pre-pandemic levels. In 2020, there was a 41% increase in ID fraud, with the average ID fraud rate reaching 5.8%. Over the past 12 months, even though much of the physical world has re-opened, the average fraud rate was recorded at 5.9%, showing that fraud still hasn’t dropped back to pre-pandemic levels. The jump in fraud that was a direct result of the pandemic appears to be here to stay.


Passports Now Most Attacked Form of Identification

Permalink - Posted on 2021-12-09 17:00

A new report on identity fraud has found that passports are now the most frequently attacked form of identity document. Onfido's 2022 Identity Fraud Report revealed that over the past year, passports overtook national identity cards as fraudsters' favorite ID to forge. Document fraud specialists at Onfido process millions of identity documents every year, helping clients detect fraud across 2,500 document types issued by 195 countries. The company's report is based on analysis of data collected from October 1, 2020, to October 1, 2021. Other key findings shared in the report are that fraudsters typically prefer to create a fake document from scratch rather than doctor a genuine ID. "Over 90% of ID fraud in the past year involved counterfeit documents using a complete reproduction of an original document, instead of adapting an existing ID," said Onfido. Modern identity documents feature multiple security features that make modifications easily detectable, but fraudsters are raising their game and creating increasingly sophisticated forgeries. Over the past year, 47% of all identity document fraud was classed as “medium” sophisticated fraud, which is a 57% increase compared with the previous year. Losses from identity theft also grew significantly, ballooning by 42% to reach $712bn in 2020. Identity fraud is yet to return to its pre-pandemic level. In 2020, there was a 41% increase in ID fraud, with the average ID fraud rate reaching 5.8%. Over the past year, the average fraud rate was recorded at 5.9%.


U.S. Food Importer Atalanta Admits Ransomware Attack

Permalink - Posted on 2021-12-09 17:00

North American food importer Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack. The company, North America’s largest privately held specialty food importer, also offered general advice on resources that can help individuals guard against identity theft in cases where their private information has been exposed.


Businesses Fear Rise of Third-Party Attacks, as Ransomware Impact Grows

Permalink - Posted on 2021-12-09 17:00

Some 84% of organisations worldwide believe supply chain attacks can become a major threat within the next three years, with 48% in Asia-Pacific reporting at least one such attack in the past year and another 69% encountering at least one ransomware attack.


Software Vulnerabilities Up by 20% in 2021

Permalink - Posted on 2021-12-08 16:00

Software vulnerabilities increased by 20% in 2021 compared with 2020, according to a new report by HackerOne. The bug bounty platform said its hackers had uncovered over 66,000 valid vulnerabilities this year, while hacker-powered pentests detected a 264% rise in reported vulnerabilities in 2021 compared to 2020. Additionally, there was a 47% increase in vulnerabilities detected by Vulnerability Disclosure Programs. The surge in vulnerabilities has partly been driven by the increase in organizations adopting hacker-powered security testing programs, according to the report. For example, there was a 62% increase in financial services programs and an 89% rise in government programs, including a bug bounty challenge by the UK’s Ministry of Defence. HackerOne said another factor is the expansion of attack surfaces brought about by digital transformation and cloud migration during the pandemic. The most commonly discovered bug was cross site scripting, as it was in 2020. However, there were significant increases in reports of information disclosure (58%) and business logic errors (67%). Of all the vulnerabilities reported, 26% were considered critical, 36% medium severity, and 34% low severity.


LINE Pay Leaks Data from Approximately 133,000 Users

Permalink - Posted on 2021-12-08 16:00

LINE Pay, a smartphone payment provider, announced yesterday that between September and November of this year, approximately 133,000 users’ payment details were inadvertently published on GitHub. A research group employee accidentally uploaded files detailing participants in a LINE Pay promotional programme staged between late December 2020 and April 2021 to the collaborative coding crèche. The date, time, and amount of transactions, as well as user and franchise store identification numbers, were among the leaked details. Although names, addresses, telephone numbers, credit card and bank account numbers were not disclosed, the names of the users and other information could be traced with some effort. During the ten weeks it was available online, the information was accessed 11 times by over 51,000 Japanese users and nearly 82,000 Taiwanese and Thai users.


Businesses Fear Rise of Third-Party Attacks, as Ransomware Impact Grows

Permalink - Posted on 2021-12-08 16:00

The majority of global businesses believe supply chain attacks can become a major threat within the next three years, with 45% experiencing at least one such attack in the last 12 months. This figure is higher, at 48%, in the Asia-Pacific region, where organisations also are reporting more ransomware attacks and paying out higher ransoms than their global counterparts. Worldwide, 84% of enterprises expressed concerns third-party attacks could become a major cyber threat over the next three years, according to a report commissioned by CrowdStrike. However, just 36% had vetted all their software suppliers for security purposes in the past year, including 40% in Asia-Pacific. At 87%, more in Asia-Pacific than the global average expressed concerns supply chain attacks were becoming a major cyber threat, the study revealed. Amongst the 48% in the region that reported at least one such attack in the past year, 36% were from Singapore where 57% could not ascertain that they had vetted all their software suppliers for security purposes. Some 69% in Asia-Pacific also encountered at least one ransomware attack in the past 12 months, higher than the global average of 66%. This figure was 64% in Singapore.


French Transport Giant Exposes 57,000 Employees and Source Code

Permalink - Posted on 2021-12-08 16:00

A state-owned French transportation giant has inadvertently exposed nearly 60,000 employees to identity fraud after leaking their personal information via an unsecured HTTP server, according to researchers. A team at vpnMentor found the server on October 13, and deduced from the file names that the culprit was Régie Autonome des Transports Parisiens (RATP), which runs public transport across the French capital and beyond. The organization apparently never replied to the team, but the French CERT was more responsive and shut the privacy snafu down “shortly after.” The server was left “open and accessible to anyone with basic web browsing skills,” according to vpnMentor. The team wrote that it contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Among the data were full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords.


Ransomware Victims Pay $700,000 in Extra Extortion Fees

Permalink - Posted on 2021-12-08 16:00

A staggering 96% of ransomware victims that agree to their extorters’ demands are subsequently forced to pay additional fees amounting to hundreds of thousands of dollars, according to CrowdStrike. The security vendor’s 2021 CrowdStrike Global Security Attitude Survey was compiled from interviews with 2200 senior IT and cybersecurity decision makers in the US, EMEA and APAC. It found that two-thirds (66%) of respondents had suffered at least one ransomware attack over the past year, with average payments increasing 63% over the year. They were lowest on average in EMEA ($1.3m), followed by the US ($1.6m), and highest in APAC ($2.4m).


Hotel Guests Locked Out of Rooms After Ransomware Attack

Permalink - Posted on 2021-12-08 16:00

A popular Scandinavian hotel chain has warned that a recent ransomware attack may have led to the theft of personal information related to bookings, while current guests are struggling with longer waiting times at check-in. Nordic Choice runs around 200 locations across the region, with brands such as Comfort, Clarion and Quality. It claimed to have been hit last Thursday with a ransomware attack which impacted “the hotel systems that handle reservations, check-in, check-out and creation of new room keys.” One guest took to social media to explain that hotel staff were forced to personally escort guests upstairs to their rooms because key cards were out-of-action.


PHI of 40,000 Individuals Exposed in Email Account Breaches at Three Healthcare Providers

Permalink - Posted on 2021-12-07 16:00

Three healthcare providers have recently reported security breaches involving the email accounts of employees, resulting in the exposure and potential theft of the protected health information of more than 40,000 individuals. Saltzer Health, Boulder Neurosurgical and Spine Associates, and Region IV Area Agency on Aging were affected.


New Mexico Hospital Hit with Class Action Lawsuit Over 2020 Data Breach

Permalink - Posted on 2021-12-07 16:00

San Juan Regional Medical Center in Farmington, New Mexico is facing a class action lawsuit over a data breach that was announced in June 2021. The breach investigation confirmed an unauthorized individual gained access to its network and exfiltrated files containing sensitive patient data between September 7, 2020, and September 8, 2020. While data theft was confirmed, the hospital has not uncovered any evidence to suggest any patient’s PHI has been misused and individuals whose Social Security number was compromised have been offered complimentary credit monitoring and identity theft protection services for 12 months. The lawsuit was filed on October 7, 2021, on behalf of Jeremy Henderson and all other San Juan Regional Medical Center patients affected by the data breach. The lawsuit alleges the way San Juan Regional Medical Center handled patient data was negligent, which resulted in sensitive information being exposed and stolen by hackers. The lawsuit also alleges the hospital failed to implement appropriate safeguards to protect patient data, in violation of the Health Insurance Portability and Accountability Act (HIPAA). The lawsuit also takes issue with the length of time it took to issue notifications. Henderson said he was notified about the breach on September 13, 2021, more than a year after his PHI was stolen.


Sound Generations Reports Two Ransomware Attacks Affecting Over 100,000 Individuals

Permalink - Posted on 2021-12-07 16:00

Seattle, WA-based Sound Generations has announced that unauthorized individuals have gained access to its internal systems and have used ransomware to encrypt files. An internal review of the affected systems confirmed the protected health information of 103,576 individuals was stored on the affected systems. That information included demographic and health information, including names, addresses, phone numbers, email addresses, dates of birth, and whether or not an individual has health insurance. Health histories and health conditions may have been exposed if that information was provided to Sound Generations and individuals who participated in the EnhanceFitness program may also have had their health insurance number exposed.


T-Mobile Litigation Over Major Data Breach to Proceed in Missouri

Permalink - Posted on 2021-12-07 16:00

The Judicial Panel on Multidistrict Litigation has transferred a batch of lawsuits against T-Mobile US Inc over its recently disclosed data breach to a Kansas City, Missouri federal court. The panel in a Friday order centralized the litigation in the U.S. District Court for the Western District of Missouri. T-Mobile’s lawyers advocated for the venue in a Sept. 14 filing. There are at least 44 proposed class actions filed in courts across the country against T-Mobile over the incident, the panel said in the order.


Appellate Court Partially Revives Medical Data Breach Class Action

Permalink - Posted on 2021-12-07 16:00

A state appellate panel on Monday partially reinstated a class action complaint against Los Angeles County and a Southern California medical billing company that lost eight computers containing customers’ personal information in a 2014 theft. The Second District Court of Appeal said six affected individuals can pursue negligence claims on behalf of a class against the county and its contract payment processor, Sutherland Healthcare Solutions Inc. The justices noted that Sutherland urged health care patients whose data was contained in the breach to subscribe to a one-year credit-monitoring program it offered, as well as a $20,000 insurance reimbursement policy.


Cyber Attack Freezes Maryland Health Department

Permalink - Posted on 2021-12-06 16:00

A cyberattack took Maryland’s health department offline this weekend, as officials worked to assess the extent of the intrusion. Andy Owen, a department spokesman, said in a statement to The Washington Post: “Certain systems have been taken offline out of an abundance of caution and other precautions have and will be taken.” Owen said that state officials were coordinating with federal and state law enforcement, and that the investigation is ongoing. He declined to say whether the state’s response to the coronavirus pandemic had been affected by the cyberattack. A spokesperson for the office of Gov. Larry Hogan (R) referred questions to the health department.


A Cyber Attack Has Forced Supermarket Spar to Close Some Stores

Permalink - Posted on 2021-12-06 16:00

A cyber attack has forced supermarket chain Spar to close some of its UK stores. Some stores appear to have been suffering issues since Sunday, meaning that this is a multi-day incident, and one customer commented that stores with accompanying petrol stations were closed.


Hackers Take $196 Million from Crypto Exchange Bitmart

Permalink - Posted on 2021-12-06 16:00

Hackers have taken $196 million from crypto trading platform Bitmart, a security firm said Saturday. Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million. Bitmart added in a statement that all withdrawals had been temporarily suspended until further notice and said a thorough security review was underway.


U.K. Government Fined Over Honors List Data Breach

Permalink - Posted on 2021-12-03 16:00

The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The Information Commissioner’s Office (ICO) said that the safety of hundreds of 2020 New Year Honors recipients had been placed in jeopardy after their personal data was published online.


Misconfigured Database Leaks Information on 150,000 E-commerce Buyers

Permalink - Posted on 2021-12-03 16:00

Security researchers have found a misconfigured cloud-hosted database leaking over 300,000 records, including sensitive personal information on e-commerce buyers. A team at Safety Detectives found the leaky Elasticsearch database on July 25 this year but claimed the content had been exposed without any password protection or encryption since November 2020. Its efforts to close the leak have so far proven unsuccessful, after hosting firm Alibaba did not reply to the team’s outreach, and the identity of the database owner remains a mystery. All Safety Detectives has been able to ascertain from the 500MB data leak is that the owner is a Chinese ERP provider serving businesses that sell goods on platforms like Amazon and Shopify. Around half of the 329,000 exposed records contained buyers’ names, phone numbers, email, billing and delivery addresses, according to the report. In some cases, seller names, email addresses and billing information were also leaked. German, French and Danish e-commerce customers featured among the haul, with as many as 150,000 potentially exposed, the report claimed.


Snatch Ransomware Team Adds Health Insurer Victim to Their Leak Site

Permalink - Posted on 2021-12-03 16:00

In April, CareFirst BlueCross Blue Shield posted a notice on its website concerning a ransomware attack in January. Threat actors known as Snatch added CareFirst to their dark web leak site this week, claiming to have exfiltrated 258 GB of data. The proof of claim files include half a dozen files with what appears to be protected health information. Some of the files posted seem to relate to Michigan residents and Harbor Health Plan in Michigan.


New York: Riverhead Schools Hit by Ransomware Attack

Permalink - Posted on 2021-12-03 16:00

The Riverhead Central School District was hit by a ransomware attack this morning, shutting down the district’s computer and technology infrastructure for what officials said could be several days. The district sent out a statement this morning at 8:48 a.m. on their social media alerting parents to what was then described as an “outage” with their internet and email. The outage was caused by a ransomware attack, the office of the superintendent confirmed to RiverheadLOCAL after a robocall was sent out to district faculty and staff. Law enforcement has been notified, the district said.


Colorado Energy Company Loses 25 Years of Data After Cyber Attack

Permalink - Posted on 2021-12-03 16:00

Colorado's Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost. The company said it began noticing issues on November 7, and the cyberattack eventually brought down most of its internal network services. The attack affected all of the company's support systems, payment processing tools, billing platforms and other tools provided to customers. DMEA said the hackers were targeting specific parts of the company's internal network and corrupted saved documents, spreadsheets, and forms, indicating it may have been a ransomware incident. The attack even affected the company's phone and email systems, but DMEA said the power grid and fiber network were not touched during the attack.


Hackers Steal $120 Million from Badger DeFi Platform

Permalink - Posted on 2021-12-03 16:00

Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations. Badger has confirmed the hack in a statement published on Twitter earlier today, freezing its platform while staff investigates the breach. Blockchain analysis firm PeckShield, which was the first to notice the heist, claims the hackers managed to steal more than 2,100 Bitcoin and 151 Ether from Badger user accounts before the company shut down its systems. The sum was estimated at $120.3 million at the time of the heist, the security firm said on Twitter.


Double Extortion Ransomware Victims Soar 935%

Permalink - Posted on 2021-12-02 16:00

Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites. Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021. During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed. In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.


Cyber Attack on Kisters AG by Orchestrated Ransomware Attack

Permalink - Posted on 2021-12-02 16:00

On November 10-11, Kisters AG in Germany was hit by a ransomware attack. Because the firm is a critical infrastructure supplier for energy systems, with the potential for downstream compromise, this one has raised significant concerns.


Planned Parenthood Los Angeles Ransomware Attack Leaks Health Data of 400,000 Patients

Permalink - Posted on 2021-12-02 16:00

Planned Parenthood Los Angeles has sent out breach notification letters to about 400,000 patients after the organization suffered from a ransomware incident between October 9 and October 17. The organization is not offering any identity protection services for those affected, only urging victims to review statements received from health insurers or healthcare providers. They said they planned to hire a cybersecurity firm to help with the incident and improve their cybersecurity systems. Law enforcement was called in to help with the attack, according to CNN, but it is unclear which group is behind the attack.


80,000 Retail WooCommerce Sites Exposed by Plugin XSS Bug

Permalink - Posted on 2021-12-02 16:00

The plugin “Variation Swatches for WooCommerce,” installed across 80,000 WordPress-powered retail sites, contains a stored cross-site scripting (XSS) security vulnerability that could allow cyberattackers to inject malicious web scripts and take over sites. Variation Swatches is designed to allow retailers using the WooCommerce platform for WordPress sites to show different versions of the same product, like a sweater in several colors. Unfortunately, vulnerable versions can also give users without administrative permissions — like customers or subscribers — access to the plugin’s settings, according to researchers from Wordfence.


Lloyd's Carves Out Cyber Insurance Exclusions for State-Sponsored Attacks

Permalink - Posted on 2021-12-01 16:00

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd’s of London. The insurance juggernaut’s underwriting director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms. The company explained it will no longer cover losses resulting from “cyber-war,” which it defined as a cyber-operation carried out as part of a war, any retaliatory attacks between specified states, or a cyber-operation “that has a major detrimental impact on the functioning of a state.”


New Zealand: Waikato DHB Cancer Hub Out of Action in Chaotic Aftermath

Permalink - Posted on 2021-12-01 16:00

A cyber security breach that brought Waikato District Health Board to its knees took out one of the country's four regional cancer hubs, prompting the Cancer Control Agency to declare a national emergency to get patients with life-threatening cancer conditions moved to other hospitals. Radiation treatment at Waikato Hospital, where a regional cancer hub operates, was one of dozens of services rendered unavailable after the ransomware attack on May 18. Cancer Control Agency Te Aho o Te Kahu chief executive Diana Sarfati stopped short of calling the situation a crisis but said it was "incredibly anxiety provoking" for patients.


CarePartners Agrees to Settle Proposed Cyber Attack Class Action for Up to $3.4 Million

Permalink - Posted on 2021-12-01 16:00

CarePartners has agreed to pay up to $3.44 million to fully and finally settle the action, all inclusive. The Class will provide CarePartners with a full and final release in return. The total amount paid by CarePartners will be based on the total number of people whose data was taken from CarePartners’ computer systems and then provided to the CBC by the hackers. The CBC has reported that it may have received the data of up to 80,000 individuals. If the data released to the CBC pertains to fewer than 45,000 individuals, then the settlement total will be reduced to $2.44 million.


Quest's ReproSource Faces Patient Lawsuit Over Data Breach Impacting 350,000 Patients

Permalink - Posted on 2021-12-01 16:00

One month after notifying 350,000 patients of a potential theft of their protected health information, ReproSource Fertility Diagnostics has been sued by a patient over alleged security failings. ReproSource is a clinical laboratory for fertility specialists and a subsidiary of Quest Diagnostics. First disclosed Oct. 8, an attacker hacked into the ReproSource network in early August. The security team detected the intrusion two days later when the ransomware was deployed, but not before the actor possibly accessed or exfiltrated certain patient health information.


Ottawa's French Public School Board Paid Hackers a Ransom Following Cyber Attack

Permalink - Posted on 2021-12-01 16:00

Ottawa's French public school board says it was the victim of a network security breach in October and it paid the hackers a ransom to secure the stolen data. In a statement on its website, the Conseil des écoles publiques de l'Est de l'Ontario (CEPEO) said it was notified of the cyberattack on Oct. 18. The network was secured later that day, but officials learned hackers had stolen approximately 75 gigabytes worth of data about employees and some students and parents dating back to 2000 that was stored on a server at the board's main office.


Medsurant Health Discloses Ransomware Incident

Permalink - Posted on 2021-11-30 16:00

Medsurant Health in Pennsylvania recently notified HHS that 45,000 patients were impacted by a breach. The patients are not yet being notified, however, because it seems Medsurant is still trying to figure out who needs to be notified. In a statement published November 29, Medsurant stated that they received an email from a threat actor on September 30, telling them that data had been accessed and exfiltrated. Despite starting an investigation promptly, it appears that data exfiltration occurred beginning September 23 and continued until November 12.


Seven Months After Initial Discovery, Broward Public Schools Discloses Conti Attack

Permalink - Posted on 2021-11-30 16:00

In March, 2021, Broward County Public Schools disclosed a breach that captured the public’s attention when Conti threat actors subsequently released a copy of their negotiation chat logs. When negotiations failed to result in an agreement, the threat actors dumped nearly 26,000 files on their dark web and clearnet leak sites. Now, seven months after Conti dumped the 26,000 files, Broward County Public Schools has issued a press release that acknowledges that the files accessed by the threat actors “may have potentially included the sensitive information of some faculty, staff, and students.”


Kentucky Energy and Environment Cabinet Announces Data Breach

Permalink - Posted on 2021-11-30 16:00

The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information were available for public inspection at Department of Natural Resources’ field offices and on an EEC hosted website. Internal EEC policy requires redaction of certain personal information including Social Security numbers before permit information is made publicly available. According to officials, some unredacted permit materials were available since sometime in 2015 at public reading rooms located at DNR field offices, and since January 16, 2021 on a public internet database maintained by EEC.


Hackers Plant Card-Stealing Malware on Website That Sells Baron and Duke Titles

Permalink - Posted on 2021-11-30 16:00

A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles. Called a “web skimmer,” the malicious code allowed the hackers to collect user and payment card details for anyone who purchased products, such as nobility titles, from the country’s online store. All transactions made on the site from October 12 have been intercepted by the hackers, Willem de Groot, founder of web security firm Sansec, told The Record in a phone call today. De Groot said he discovered the code while analyzing the infrastructure of a web skimming group that has been active since last year. The Sansec founder said he found the same code on the website of a French security services provider as well. Hackers have taken control of the government site of Sealand, the North Sea micronation, since Oct 12th. People buying Baron or Duke titles have likely been skimmed.


Missouri: Ransomware Attack Shuts Down Lewis & Clark Community College

Permalink - Posted on 2021-11-30 16:00

Lewis and Clark Community College in Godfrey closed all their campuses this week and cancelled all extra-curricular activities, including sports. The move was made after the director of information technology noticed suspicious activity last Tuesday and shut down the school's computer network on Wednesday. According to Trzaska, the college notified police and the FBI about the ransomware attack. On Friday, he said, a team of cybersecurity experts arrived and have been working around the clock since to restore the school's computer network stronger and safer than it was before.


Australia: Queensland Government Energy Generator Hit by Ransomware

Permalink - Posted on 2021-11-30 16:00

Queensland government-owned energy generator CS Energy said on Tuesday it was responding to a ransomware incident that occurred over the weekend. First reported by Energy Source & Distribution, the company said the incident has not impacted electricity generation at Callide and Kogan Creek power stations, and it was looking to restore its network. In response to the incident, ANZ regional director at Claroty, Lani Refiti, said critical infrastructure has been increasingly targeted by ransomware gangs since the infrastructure firms cannot afford any disruptions or downtime.


Ecommerce Retailers Facing a 350% Increase in Fraudulent Online Orders

Permalink - Posted on 2021-11-30 16:00

As the holiday shopping season hits full stride, ecommerce retailers across Europe face a new era of malicious attacks spurred by a COVID-inspired transformation in ecommerce and a 350% increase in fraudulent online orders, according to data published by Signifyd. European retailers are facing historic fraud pressure at a time when the payments landscape is undergoing upheaval due to the enforcement of PSD2’s Strong Customer Authentication (SCA) requirement. The addition of SCA’s robust two-factor authentication process has been rolled out across much of Europe and will be enforced in the UK beginning in March. SCA was instituted to protect retailers and consumers from online fraud. The beginning of SCA enforcement across Europe has resulted in an average transaction failure rate of 26% post-SCA enforcement, according to payment services consultancy CMSPI.


Clearview AI Fined $22.6 Million for Breaching U.K. Data Protection Laws

Permalink - Posted on 2021-11-30 16:00

American facial recognition company Clearview AI is facing a fine of just over £17m ($22.6m) for alleged “serious breaches” of the UK’s data protection laws. The UK’s Information Commissioner’s Office (ICO) announced the planned penalty yesterday and issued a provisional notice to Clearview to stop processing personal data taken from UK residents and to delete any such data in its possession. The announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner (OAIC), which found Clearview AI in breach of Australian privacy laws.


2.1 Million People Affected by Breach at DNA Testing Company

Permalink - Posted on 2021-11-30 16:00

In a data breach notice posted on its website, DDC said it detected unauthorized access to its network on August 6. An investigation has determined that the attackers had accessed an archived database containing personal information collected between 2004 and 2012 for a national genetic testing organization system that was acquired by the firm in 2012. Information that may have been obtained by the hackers includes names, Social Security numbers, bank account numbers, and payment card data.


Panasonic Discloses Four-Months-Long Data Breach

Permalink - Posted on 2021-11-29 16:00

Japanese electronics giant Panasonic has disclosed on Friday a major security breach after an unidentified threat actor had gained access to its internal network. The Osaka-based company said it detected the security breach earlier this month, on November 11. No other details are currently available, but over the past three years, almost all of Japan’s big tech firms had suffered network intrusions at the hands of Chinese state-sponsored espionage groups, which, while unconfirmed for now, remain the main suspects in this incident too.


Marine Services Provider Swire Pacific Offshore Discloses Data Breach

Permalink - Posted on 2021-11-29 16:00

Singapore-based marine services provider Swire Pacific Offshore (SPO) disclosed a cybersecurity incident that resulted in the loss of commercial and personal data. The unauthorized access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data. The cyberattack has not materially affected SPO’s global operations.


One Community Health Patients Notified About April 2021 Cyber Attack and Data Theft

Permalink - Posted on 2021-11-29 16:00

Sacramento, CA-based One Community Health has recently notified patients that its systems were compromised between April 19 and April 20, 2021. An unauthorized individual was discovered to have gained access to systems containing the personal and protected health information of certain employees and patients. A comprehensive forensic investigation was conducted by a third-party cybersecurity firm to determine the nature and scope of the attack, and One Community Health was notified on October 6, 2021, that the attacker had exfiltrated files from its network that included full names and one or more of the following data elements: Address, other demographic information, telephone number, email address, date of birth, Social Security number, driver’s license number, insurance information, diagnosis information, and treatment information.


Sarasota MRI, Consociate Health, & Upstate Homecare Notify Patients About Data Breaches

Permalink - Posted on 2021-11-29 16:00

Sarasota MRI, Consociate Health, and Upstate Homecare have recently notified regulators and patients about security incidents involving personal and protected health information. Stolen data included full names, dates of birth, addresses, telephone numbers, email addresses, driver’s license numbers, bank account information, Social Security numbers, treatment information, physicians’ names, patient ID numbers, and Medicare/Medicaid numbers.


Most U.S. Healthcare Apps Susceptible to Cyber Attack

Permalink - Posted on 2021-11-24 16:00

Vulnerabilities exist in most of the web applications used by leading healthcare providers in the United States, according to new research by cyber assessment company Outpost24. In its new 2021 Web Application Security for Pharma and Healthcare report, the company shared the finding that 90% of the web applications used by US healthcare operators are susceptible to cyber-attacks. The report assessed the internet-exposed applications of the top 20 largest pharma and healthcare organizations in the European Union and in the US to identify common attack vectors and exploitable flaws. Researchers found that 85% of the top 20 pharma and healthcare applications had an external attack surface score of 30 or above out of 58.24. Outpost24 classified such a score as ‘critically exposed,’ indicating a "high susceptibility for security and vulnerability exposure." Healthcare organizations in the United States were found to be more at risk than their European counterparts. While US organizations had an average risk exposure score of 40.5, the score for healthcare organizations in the EU was 32.79. A quarter of the web applications run by healthcare organizations in the US presented a cybersecurity risk. Out of a total 6069 web applications run over 2197 domains, 3% were considered as "suspect" by researchers and a further 23.74% were found to be running on vulnerable components. Although EU healthcare organizations run almost four times as many web applications as those in the US, the percentage of apps deemed to be risky was lower in the EU than in the US. Of the 20,394 web applications run by EU healthcare organizations over 9216 domains, 3.3% were considered to be suspect and 18.3% were running on vulnerable components. The researchers found the top three attack vectors identified across healthcare organizations in the EU and the US to be Degree of Distribution, Page Creation Method and Active Content.


GoDaddy Breach Widens to Include Reseller Subsidiaries

Permalink - Posted on 2021-11-24 16:00

The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s largest domain registrar confirmed to researchers at Wordfence that several of these brands’ customers were affected by the security incident.


PHI of 57,000 Patients Potentially Compromised in TriValley Primary Care Cyber Attack

Permalink - Posted on 2021-11-24 16:00

Suspicious activity was detected in its IT environment on October 11, 2021. A review of the files on the affected systems confirmed the following types of patient data may have been compromised: First and last name, gender, home address, phone number, email address, date of birth, Social Security number, health insurance policy/group plan number, group plan provider, claim information, medical history, diagnosis, treatment information, dates of service, lab test results, prescription information, provider name, medical account number, and other information contained in medical records.


Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Permalink - Posted on 2021-11-24 16:00

The lawsuit, filed on Tuesday in Northern California, seeks to hold NSO Group accountable for hacking into Apple’s iOS mobile platform with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials. The Cupertino, Calif.-based Apple also announced it would contribute $10 million to researchers and academic outfits exposing cyber-surveillance abuses.


Philippines: Personal Data of 22,000 S&R Members Compromised in Cyber Attack

Permalink - Posted on 2021-11-24 16:00

The National Privacy Commission (NPC) on Wednesday, Nov. 24, said the personal data of 22,000 S&R members were compromised following a recent cyber attack. In a statement, NPC confirmed the receipt of a breach notification report on Nov. 15 from S&R Membership Shopping concerning a cyber attack “that may have compromised its members’ personal data.” The S&R said they discovered the security incident last Nov. 14 and submitted a supplemental breach report to the NPC on Wednesday. According to the report, members’ personal data, including date of birth, contact number, and gender have been compromised.


Montana High School Hit by Ransomware

Permalink - Posted on 2021-11-24 16:00

Today’s report concerns Beaverhead County High School in Montana, which was reportedly hit by Avos Locker. The threat actors added the listing to their dark web leak site on November 20, but do not state when the attack actually occurred. As proof of claim, Avos Locker uploaded a few files — only 1 of which appears specific to BCHS: procedures to be followed in the event of an on-field injury during an athletic event.


WiFi Software Management Firm Exposed Millions of Users' Data

Permalink - Posted on 2021-11-24 16:00

WSpot provides software to let businesses secure their on-premise WiFi networks and offer password-free online access to their clients. Some of the notable clients of WSpot include Sicredi, Pizza Hut, and Unimed. According to WSpot, 5% of its customer base got impacted by this leak. Around 226,000 files got exposed in this data leak. The leaked information included personal details of at least 2.5 million users who connected to WSpot’s client’s public WiFi networks.


Astoria Notifying 940,000 Consumers After Breach Earlier This Year

Permalink - Posted on 2021-11-23 16:00

Mark Francis of Holland & Knight, who are external counsel for Astoria Company LLC, has now notified the Maine Attorney General’s Office that Astoria is notifying 940,000 consumers about a breach that occurred in January, 2021. The impacted information included first and last name, mailing address, email address, phone number, date of birth, social security number and/or driver’s license number and state, and in some instances employment information.


Three Months After Ransomware Attack, UHC Fails to Notify Exposed Patients

Permalink - Posted on 2021-11-23 16:00

On September 25, DataBreaches.net reported on a ransomware attack suffered by United Health Centers of San Joaquin Valley (UHC). BleepingComputer had also reported on the incident the day before. Neither this site nor BleepingComputer had been able to get a statement from UHC at the time, but it was clear from the data dumped by threat actors known as “Vice Society” that there was protected health information acquired and dumped. Two months later, patients have still not received any individual notifications.


Polish DPA: Bank Millennium Fined 80,000 Euros for Failure to Notify of Data Breach

Permalink - Posted on 2021-11-23 16:00

The Personal Data Protection Office (UODO) learnt about the personal data breach from a complaint lodged against the bank. The complaint concerned the loss by a courier company of correspondence containing personal data, such as: name, surname, personal identification number (PESEL number), registered address, bank account numbers, identification number assigned to the bank’s customers. The complainants were informed about this fact by the bank, but the information was not sufficient — it did not meet the requirements set out in the GDPR.


Wind Turbine Giant Vestas Confirms Data Breach

Permalink - Posted on 2021-11-23 16:00

In a statement posted today (November 22), the Danish energy giant said it “has already initiated a gradual and controlled reopening of all IT systems” after shutting down several operational IT systems as a precaution following a “cybersecurity incident” on Friday (November 19). News of the incident first emerged on Saturday (November 20) when the company warned that “customers, employees, and other stakeholders may be affected by the shutdown”.


Online Payment Fraud Surges by 208% Ahead of Black Friday

Permalink - Posted on 2021-11-22 15:00

In a new report, cybersecurity vendor Kaspersky discovered 1,935,905 financial phishing attacks disguised as e-payment systems in October 2021. This is more than double the 627,560 attacks detected in the previous month. Interestingly, the researchers didn’t observe any seasonal trends for other types of phishing related to online shopping in the first 10 months of 2021. The emphasis on e-payment systems is believed to be linked to the introduction of new payment systems in many countries this year following the shift to online shopping during COVID-19. The team also detected 221,745 spam emails containing the words ‘Black Friday’ from October 27 to November 19, providing further evidence that fraudsters are trying to take advantage of the biggest shopping day of the year. In total, Kaspersky reported seeing 40 million phishing attacks targeting e-commerce and e-shopping platforms from January to October 2021.


Businesses Compromise on Cyber Security in Favor of Other Goals

Permalink - Posted on 2021-11-22 15:00

90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board, a Sapio Research report reveals. The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understands cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand. There’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk. This friction is causing potentially serious issues: 52% of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month.


Iran's Mahan Air Says Hit by Cyber Attack

Permalink - Posted on 2021-11-22 15:00

Iran's second-largest airline, Mahan Air, said it had been hit by a cyberattack Sunday, the latest of several targeting the company. According to Mehr news agency, some Mahan customers had received text messages that said: "Cyberattack against Mahan for complicity in the crimes committed by the terrorist Guardians Corps" -- a reference to Iran's elite Revolutionary Guards. Mahan Air is Iran's main private airline and the second biggest after the national carrier Iran Air.


GoDaddy Breach Exposes 1.2 Million Managed WordPress Customer Accounts

Permalink - Posted on 2021-11-22 15:00

Domain registrar and web hosting giant GoDaddy has been hacked, and customer data for some 1.2 million WordPress users was exposed to the attacker for more than three months. The Tempe, Arizona-based GoDaddy disclosed the breach in an SEC filing and confirmed that millions of users of its managed WordPress hosting service had sensitive data stolen, including database usernames and passwords, email addresses and private SSL keys.


WhatsApp Pushes Privacy Update to Comply with Irish Ruling

Permalink - Posted on 2021-11-22 15:00

WhatsApp is taking the action after getting hit with a record 225 million euro ($267 million) fine in September from Ireland’s data privacy watchdog for violating stringent European Union data protection rules on transparency about sharing people’s data with other Facebook companies.


Utah Medical Group Discloses Data Breach Affecting Over 580,000 Patients

Permalink - Posted on 2021-11-22 15:00

As part of the incident, which was identified on September 4, 2021, unknown threat actors accessed files that contained sensitive personal information related to patients. Following the incident, Utah Imaging Associates informed the U.S. Department of Health and Human Services that the data of 583,643 individuals was compromised during the incident. The affected data, HIPAA Journal reported last week, included full names, birth dates, mailing addresses, health insurance policy numbers, and Social Security Numbers. Medical information, including diagnosis, prescription details, and treatment information was also affected.


India: PNB Customers' Data Exposed for Seven Months Due to Server Vulnerability

Permalink - Posted on 2021-11-22 15:00

Critical financial and personal information of 180 million Punjab National Bank (PNB) customers was at risk for around seven months due to a vulnerability in the lender's servers, said cybersecurity firm CyberX9. The vulnerability provided access to the entire digital banking system of the bank with administrative control, the agency claimed.


52% of SMBs Have Experienced a Cyber Attack in the Last Year

Permalink - Posted on 2021-11-19 16:00

The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals. A recent study by IBM revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million per incident in 2021. As has been reported, approximately 60% of SMBs go out of business within six months of getting hacked.


California Pizza Kitchen Spills Over 100,000 Employee Social Security Numbers

Permalink - Posted on 2021-11-19 16:00

While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.


Indonesia Probes Police Hack in Latest Cyber Breach

Permalink - Posted on 2021-11-19 16:00

Indonesian police are investigating claims by a hacker who said this week they have stolen personal data of thousands of police officers, the latest in a spate of cyber attacks that has highlighted the country's digital vulnerabilities. Using a now suspended Twitter handle, a hacker who said they were from Brazil claimed to have obtained the data of 28,000 officers by infiltrating Indonesia's national police server, according to local media reports. The hacker said the information compromised included names, home addresses, emails, phone numbers and blood types.


6 Million Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Permalink - Posted on 2021-11-19 16:00

Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers’ routers. Pen Test Partners reported the problem to Sky Broadband – a broadband service offered by Sky UK in the United Kingdom – on May 11, 2020 … and then chased Sky for a repeatedly postponed update.


Less than Half of Consumers Change Passwords Post-Breach

Permalink - Posted on 2021-11-19 16:00

There’s a “shockingly high” disconnect between awareness of best practices following a data breach and actions taken, according to a new study from the Identity Theft Resource Center (ITRC). The non-profit polled over 1000 US consumers to gauge their understanding of and response to breach incidents involving personal information. The report found that more than half (55%) of social media users have had their accounts compromised in the past, so there’s generally a high level of awareness about what can be done to enhance personal security. However, nearly a fifth (16%) of respondents said they took no action following a breach. Less than half (48%) changed affected passwords, and only a fifth (22%) changed all of their passwords. That’s particularly worrying when 85% admitted to reusing log-ins across multiple accounts, putting them at risk of credential stuffing.


U.S. Regulators Order Banks to Report Cyber Attacks Within 36 Hours

Permalink - Posted on 2021-11-19 16:00

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability. Bank service providers will also have to notify customers "as soon as possible" if a cyberattack has materially affected or will likely affect the customers for four or more hours. Examples of incidents that need to be reported under the new rule include large-scale distributed denial of service attacks that disrupt customer account access to banking services or computer hacking incidents that take down banking operations for extended periods of time.


20% of Defense Contractors at Risk for Ransomware Attack

Permalink - Posted on 2021-11-19 16:00

A report featuring some of the United States' top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone. This data comes from Black Kite, a cybersecurity research firm. Report authors looked at defense contractors working in financial services, health care, manufacturing, critical infrastructure and business services, and evaluated each company on their cybersecurity protocols and procedures to determine an industrywide index grade across defense contractors. The average score implies a safe level of risk management––and 54% of defense contractors are considered relatively safe from ransomware attacks. However, 43% of contractors were found to have old or dated cybersecurity systems, yielding a higher risk of cyberattacks.


Cyber Complexity Negatively Impacts a Company's Ability to Respond to Threats

Permalink - Posted on 2021-11-19 16:00

71% of VPs and CIOs believe that the high number of cybersecurity tools they use negatively impacts their organization’s ability to detect and prevent threats, a Perimeter 81 report reveals. The research evaluated responses from 500 IT professionals at companies with 50 or more employees in the US. It covers new trends in the workforce due to COVID-19, how those changes have affected cybersecurity, and their impact on IT professionals. 50% of companies with more than 1,000 employees use 20 or more cybersecurity tools and solutions; 64% report that they experienced a significant cybersecurity incident in 2020-21, including ransomware or phishing; 34% of companies have made cybersecurity a priority due to news coverage of cyber incidents; 59% admitted they paid a ransom to cyber thieves; 47% of cyberattack victims had recovery costs between $100,000 and $1 million.


Turkey: MNG Kargo Hacked; User Information Stolen

Permalink - Posted on 2021-11-18 16:00

MNG Cargo, which has a wide transportation network in Turkey, announced that some of its corporate customers were hit by cyberattacks after their usernames and passwords were seized. Notifying the Personal Data Protection Authority, the company announced that the names, surnames, addresses and phone numbers of the cargo recipients were seized. The company, which detected on August 23 the leak that started on August 15, stated that the number of people affected is uncertain, that there is no flaw in its system, and that the leak was caused by the seizure of corporate customer accounts.


82% of Healthcare Organizations Have Experienced an IoT Attack in the Past 18 Months

Permalink - Posted on 2021-11-18 16:00

A new study conducted by Medigate and CrowdStrike has highlighted the extent to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warns about the worrying state of IoT security in the healthcare industry. The study included a survey of healthcare organizations to determine what threats they have faced over the past 18 months. 82% of surveyed healthcare organizations said they have experienced at least one form of IoT cyberattack in the past 18 months, with 34% of respondents saying the attack involved ransomware. The situation is likely to get worse as the number of IoT devices in healthcare grows. According to the report, spending on connected medical devices has been predicted to increase at a CAGR of 29.5% through 2028.


DDoS Attacks Surge 35% in Q3 as VoIP Is Targeted

Permalink - Posted on 2021-11-18 16:00

Security experts have warned of a surge in distributed denial of service (DDoS) attacks in the third quarter, with quantity, size and complexity all increasing in the period. The findings come from Lumen’s Q3 DDoS Report, which revealed that the firm mitigated 35% more attacks in the quarter than Q2 2021. The vendor claimed that the largest bandwidth attack it tackled during the period was 612 Gbps — a 49% increase over Q2. The largest packet rate-based attack scrubbed was 252 Mbps — a 91% increase.


PHI of 127,000 NorthCare Patients Potentially Compromised in Ransomware Attack

Permalink - Posted on 2021-11-18 16:00

NorthCare, an Oklahoma City, OK-based mental health clinic, was the victim of a ransomware attack in June 2021 in which patients' protected health information may have been compromised. NorthCare identified suspicious network activity on June 1, 2021, when ransomware was used to encrypt files. The investigation into the attack confirmed its network was breached on May 29, 2021. The attackers rapidly deployed ransomware to prevent access to files and demanded payment of a ransom for the keys to decrypt files.


Robinhood Hack Also Included Thousands of Phone Numbers

Permalink - Posted on 2021-11-18 16:00

The recent hack at app-based investment platform Robinhood also impacted thousands of phone numbers, Motherboard has learned. The news provides more clarity on the nature of the data breach. Originally, Robinhood said that the breach included the email addresses of 5 million customers, the full names of 2 million customers, and other data from a smaller group of users. Motherboard obtained a copy of the stolen phone numbers from a source who presented themselves as a proxy for the hackers. The file includes around 4,400 phone numbers. When asked if the numbers belonged to Robinhood customers, the company told Motherboard in a statement that “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”


Number of Cyber Attacks Infiltrating Critical New Zealand Networks Soars

Permalink - Posted on 2021-11-18 16:00

New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations. More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November 16). More alarmingly still, the proportion of these incidents that reached the post-compromise stage – where threat actors manage to access and move laterally through networks or otherwise cause the victim harm – more than doubled, from 15% to 33%.


Data Breach Rule for Health Apps Leaves Developers in the Dark

Permalink - Posted on 2021-11-18 16:00

Makers of health apps are scrambling to understand the extent of their legal liability after a divided Federal Trade Commission announced they’re now required to inform users about data and privacy breaches—and if they have used their customers’ health data without authorization. The commission approved 3-2 a policy statement that the makers of health apps, including apps on smartphones and fitness devices, must comply with the FTC Health Breach Notification Rule. The rule had previously applied to a much narrower set of health-information software, primarily apps used to collect and store health records from doctors and other health-care providers. Supporters say it’s a welcome attempt to extend privacy protections to health data being gathered and stored by a new generation of health and fitness apps that hadn’t been imagined when the breach notification rule was issued in 2009. These apps gather such information as menstrual cycles, fitness and sleep patterns, and blood-glucose levels. But app developers say the September statement leaves them in the dark about crucial questions, including which apps and app makers are included under the rule, and how big the fines could be for violations, especially in cases where an app maker has been sharing users’ health information without authorization.


Adult Cam Site StripChat Exposes the Data of Millions of Users and Cam Models

Permalink - Posted on 2021-11-18 16:00

StripChat, one of the internet’s top 5 adult cam sites, has suffered a security breach and has leaked the personal data of millions of users and adult models. The leak, discovered by security researcher Bob Diachenko, took place earlier this month after StripChat exposed its ElasticSearch database cluster on the internet without a password for more than three days between November 4 and November 7. The exposed servers leaked a treasure trove of highly-sensitive information, such as: Data of 65 million users registered on the site (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status); Data of 421,000 models broadcasting on the site (username, gender, studio ID, live status, tip menus/prices, strip score); Data of 134 million transactions (information about tokens and tips paid by users to models, including private tips); Data about 719,000 chat messages saved in a moderation database (the user and model ID involved in the conversations).


Patients Unaware of the Extent of Healthcare Cyber Attacks and Data Theft

Permalink - Posted on 2021-11-16 16:00

A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity in healthcare and the security risks that are now faced by healthcare organizations. The survey was conducted by Censuswide on 400 IT professionals at healthcare organizations across the United States, and 2,000 U.S. patients to obtain their views on cybersecurity and data breaches in healthcare. The survey confirmed cyber risk is increasing, with 85% of respondents saying cyber risk has increased over the past 12 months. Ransomware gangs have targeted the healthcare industry over the past 12 months, and many of those attacks have succeeded. 58% of the surveyed IT professionals said their organization had experienced a ransomware attack in the past 12 months. The increase in cyberattacks on the healthcare sector is influencing healthcare decisions. 75% of IT professionals said recent attacks have had a strong influence on decision making and 86% of respondents said their organization had appointed a CISO; however, only 52% of respondents said their organization was allocating more than sufficient funds to cover IT security. The survey of patients revealed a third had been the victim of a healthcare cyberattack, and while almost half of patients (49%) said they would change healthcare provider if it experienced a ransomware attack, many patients are unaware of the extent of recent cyberattacks and how frequently they are now being reported. In 2018, healthcare data breaches were reported at a rate of 1 per day. In the past year, there have been 7 months when data breaches have been reported at a rate of more than 2 per day. Despite extensive media reports about healthcare data breaches and vulnerabilities in medical devices, 61% of potential patients said they had not heard about any healthcare cyberattacks in the past two years, clearly showing many patients are unaware of the risk of ransomware and other cyberattacks. 
However, patients are aware of the impact those attacks may have, with 73% of potential patients understanding a cyberattack could impact the quality of care they receive. When potential patients were asked about their privacy concerns, 52% said they were worried a cyberattack would shut down hospital operations and would potentially affect patient care, and 37% said they were concerned about the privacy of information accessible through online portals.


PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches

Permalink - Posted on 2021-11-16 16:00

On June 24, 2021, Sea Mar learned sensitive data had been exfiltrated from its IT systems by an unauthorized individual. Assisted by a leading third-party cybersecurity firm, Sea Mar determined its systems had been accessed between December 2020 and March 2021. According to the breach notice posted on its website, a review was conducted of the information potentially stolen from its network, which confirmed the following data types had been stolen: Name, address, Social Security number, date of birth, client identification number, diagnostic and treatment information, insurance information, claims information, and/or images associated with dental treatment. On November 3, 2021, Utah Imaging Associates reported a data breach to the HHS’ Office for Civil Rights that involved the protected health information of 583,643 individuals. The breach has been listed as a hacking/IT incident involving PHI stored on a network server.


Southern Ohio Medical Center Diverts Ambulances Due to Cyberattack

Permalink - Posted on 2021-11-15 20:00

Southern Ohio Medical Center (SOMC) in Portsmouth, OH, is recovering from a cyberattack that occurred on the morning of Thursday, November 11, 2021. The attack forced the hospital to go on diversion and direct ambulances to other healthcare facilities. The hospital also had to cancel some appointments and outpatient services.


Data of 5.9 Million Customers of RedDoorz Hotel Booking Site Leaked in Singapore's Largest Data Breach

Permalink - Posted on 2021-11-15 20:00

The personal data of nearly 5.9 million Singaporean and South-east Asian customers of hotel booking site RedDoorz was found to have been leaked, in what the Government has called Singapore's largest data breach. The Personal Data Protection Commission (PDPC) has fined local firm Commeasure, which operates the website, $74,000. This is much lower than the combined $1 million fine imposed on SingHealth and Integrated Health Information Systems for the 2018 data breach which affected 1.5 million people.


Robinhood Discloses Data Breach Impacting 7 Million Customers

Permalink - Posted on 2021-11-15 20:00

Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers. The attack occurred on November 3rd after a threat actor called a customer support employee and used social engineering to obtain access to customer support systems. After accessing the support systems, the threat actor was able to access customer information, including full names, email addresses, and for a limited number of people, date of birth and zip codes.


Costco Discloses Data Breach After Finding Credit Card Skimmer

Permalink - Posted on 2021-11-12 14:00

Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. Costco added that individuals impacted by this incident might have had their payment information stolen if those who planted the card theft device were able to gain access to the info before the skimmer was found and removed. While the company didn't reveal the exact timeline of the incident, Costco customers have complained about unauthorized transactions on their payment cards since at least February.


Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Permalink - Posted on 2021-11-12 14:00

A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking over their most basic functions. Both exploits were posted on Twitter on Nov. 7 without disclosure to Sony or specifics, but they nonetheless signal potential security problems to come for the gaming giant.


Booking.com Was Reportedly Hacked by a U.S. Intel Agency But Never Told Customers

Permalink - Posted on 2021-11-12 14:00

A hacker working for a US intelligence agency breached the servers of Booking.com in 2016 and stole user data related to the Middle East, according to a book published on Thursday. The book also says the online travel agency opted to keep the incident secret. Amsterdam-based Booking.com made the decision after calling in the Dutch intelligence service, known as AIVD, to investigate the data breach. On the advice of legal counsel, the company didn’t notify affected customers or the Dutch Data Protection Authority. The grounds: Booking.com wasn’t legally required to do so because no sensitive or financial information was accessed. IT specialists working for Booking.com told a different story, according to the book De Machine: In de ban van Booking.com (English translation: The Machine: Under the Spell of Booking.com). The book’s authors, three journalists at the Dutch national newspaper NRC, report that the internal name for the breach was the “PIN-leak,” because the breach involved stolen PINs from reservations. The book also said that the person behind the hack accessed thousands of hotel reservations involving Middle Eastern countries including Saudi Arabia, Qatar, and the United Arab Emirates. The data disclosed involved names of Booking.com customers and their travel plans. Two months after the breach, US private investigators helped Booking.com’s security department determine that the hacker was an American who worked for a company that carried out assignments from US intelligence services. The authors never determined which agency was behind the intrusion.


Transavia Airline Fined for Weak Security Practices That Led to Data Breach

Permalink - Posted on 2021-11-12 14:00

The Dutch Data Protection Agency has levied a €400,000 ($455,000) fine today against Transavia, a Dutch airline that operates low-cost routes across Europe, for a security breach that allowed a hacker to steal the personal details of more than 83,000 passengers. The fine pertains to a security breach that Transavia publicly disclosed in February 2020.


Canada: Province Sued Over Privacy Breach Involving 9,000 Children

Permalink - Posted on 2021-11-12 14:00

A class-action lawsuit will proceed against the province after confidential information about nearly 9,000 children with disabilities was mistakenly sent to agencies that provide services to them and community advocates.


Ohio: SOMC Suffers from Cyber Attack

Permalink - Posted on 2021-11-12 14:00

Patients who had appointments at Southern Ohio Medical Center (SOMC) facilities Thursday received notice that their appointments were canceled due to an emergency. Rumors quickly started circulating that the hospital and its facilities were unable to access their computers or phone lines due to the computer system being down. It was later announced on the hospital’s social media platforms that the hospital’s computer servers had been hacked.


Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue to Climb

Permalink - Posted on 2021-11-11 15:00

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020, according to a PhishLabs report. Notably, attacks in September 2021 were more than twice as high as the previous year. Social media attacks skyrocket in 2021: Since January, the average number of social media attacks per target climbed steadily, up 82 percent year-to-date; Vishing is increasing: Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls; O365 users beware: In Q3, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins; PII grows on the dark web, leveraging chat services: The sale of Personally Identifiable Information accounted for 12 percent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 percent of PII sales, chat-based services were used to market the data.


Brittany Ferries Admits to Leaks Caused by Routine Website Update

Permalink - Posted on 2021-11-11 15:00

It's never good when a boat operator talks of a breach, even if in this case it's a figurative one. Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address. The operator, which runs ships from the UK to ports in Spain, France, and Ireland, contacted punters on Tuesday with the bad news about a "breach to our data that might have an impact on your My Account with Brittany Ferries."


Comic Book Distributor Struggling with Shipments After Ransomware Attack

Permalink - Posted on 2021-11-11 15:00

Major comic book company Diamond Comic Distributors is struggling to keep up with its planned shipments after being hit with a ransomware attack on Sunday. In a statement, the company said its planned shipments for Wednesday would be delayed about two to four days throughout the country due to the attack; reorders are expected to resume within the next 72 hours. The delays will also affect international retailers. The company said it was dealing with a ransomware attack affecting its order processing systems as well as its internal communications platforms.


Gmail Accounts Are Used in 91% of all Baiting Email Attacks

Permalink - Posted on 2021-11-11 15:00

Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing email prefer to use Gmail accounts to conduct their attacks. According to a report by Barracuda, which surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.


DDoS Attack on VoIP Provider Telnyx Impacts Global Telephone Services

Permalink - Posted on 2021-11-11 15:00

Telnyx confirmed that it sustained DDoS attacks of increasing intensity twice in a day. “It is anticipated that the DDoS attacks will continue, but there is no way for us to predict it. Telnyx has not been in communication with the bad actors. There has not yet been a ransom request,” Telnyx said in a statement. Given the severity of the attack, Telnyx is moving its operations to Cloudflare Magic Transit to mitigate additional risks. The company warned that users might experience failed calls, API and portal latency/time outs, and/or delayed or failed messages until proper resolutions are made.


Hackers Undetected on Queensland Water Supplier Server for 9 Months

Permalink - Posted on 2021-11-11 15:00

Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need for better cyber defenses for critical infrastructure. The breach occurred between August 2020 and May 2021, and the actors managed to access a web server used to store customer information by the water supplier.


Canada: N.L. Patient, Employee Data Stolen in Healthcare Cyber Attack

Permalink - Posted on 2021-11-10 15:00

Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador's health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province's Meditech data repository, which includes a patient information database as well as core communication tools, such as email. According to government officials, the breach includes basic information collected when a patient registers for an appointment — including names, birthdays, addresses, email addresses and phone numbers, medical care plan (MCP) numbers, the name of the person's family doctor, marital status and in- and out-patient times. The attackers were also able to access information connected to Eastern Health employees who worked within about the last 14 years and Labrador-Grenfell Health employees from about the last nine years.


Maxim Healthcare Group Notifies 65,000 Individuals About October 2020 Email Breach

Permalink - Posted on 2021-11-10 16:00

Columbia, MD-based Maxim Healthcare Group has started notifying 65,267 individuals about a historic breach of its email environment and the exposure of their protected health information. Maxim Healthcare Group, which includes Maxim Healthcare Services and Maxim Healthcare Staffing, said it identified suspicious activity in its email environment on or around December 4, 2020. Steps were taken to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach. The investigation revealed unauthorized individuals had access to several employee email accounts between October 1, 2020, and December 4, 2020. A comprehensive review of those accounts revealed they contained a range of protected health information that was potentially accessed and exfiltrated. The forensic investigation was unable to determine which emails, if any, were accessed and exfiltrated.


Vulnerabilities Associated with Ransomware Increased 4.5% in Q3 2021

Permalink - Posted on 2021-11-10 16:00

Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and Cyware reveals. This last quarter saw a 4.5% increase in CVEs associated with ransomware, a 4.5% increase in actively exploited and trending vulnerabilities, a 3.4% increase in ransomware families, and a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021. The analysis uncovered 12 new vulnerabilities tied to ransomware in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278. Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks. The report also revealed that ransomware groups are continuing to find and leverage zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released.


Average Ransomware Payment for U.S. Victims More Than $6 Million

Permalink - Posted on 2021-11-10 15:00

In the "State of Ransomware Readiness" study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid a ransom, with US victims paying an average of $6,312,190. Victims in Canada paid an average of $5,347,508 while those in the UK paid nearly $850,000. Victims in South Africa, Australia, and Germany all paid less than $250,000 on average. More than 40% of respondents did not pay any ransom, and another 13% were able to negotiate the initial ransom figure down. Of the 742 experts who spoke to Mimecast, more than half said the primary source of ransomware attacks came from phishing emails with ransomware attachments, and another 47% said they originated from "web security." Phishing emails that led to drive-by downloads were also a highly-cited source of ransomware infections. Less than half of respondents said they have file backups that they could use in the event of a ransomware attack, and almost 50% said they needed bigger budgets to update their data security systems.


ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million

Permalink - Posted on 2021-11-10 15:00

A report published on Wednesday by the Ponemon Institute and industrial cybersecurity firm Dragos shows that the average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million, and some companies reported costs of over $100 million. The report is based on data from a survey of 600 IT, IT security, and OT security practitioners conducted by the Ponemon Institute in the United States. Twenty-nine percent of respondents admitted that their organization was hit by ransomware in the past two years, and more than half of them said they had paid an average ransom of more than $500,000. Some organizations reported paying more than $2 million. Nearly two-thirds of respondents said they experienced an ICS/OT cybersecurity incident in the past two years. The most common causes were negligent insiders, a maintenance-related issue, or IT security incidents “overflowing” to the OT network due to poor segmentation between IT and OT.


Taiwan Government Faces 5 Million Cyber Attacks Daily

Permalink - Posted on 2021-11-10 15:00

Taiwan's government agencies face around five million cyberattacks and probes a day, an official said Wednesday, as a report warned of increasing Chinese cyber warfare targeting the self-ruled island. Taiwanese officials have previously said the island faces millions of cyberattacks every month, with around half of them believed to originate from China. Speaking in parliament, cyber security department director Chien Hung-wei said Taiwan's government network faces "five million attacks and scans a day". The ministry's information security and protection centre detected and handled around 1.4 billion "anomalies" from 2019 to August 2021 to prevent potential hacking, according to the report.


81% of Organizations Experienced Increased Cyber Threats During COVID-19

Permalink - Posted on 2021-11-09 15:00

More than four in five (81%) organizations experienced increased cyber-threats during the COVID-19 pandemic, according to a new study by McAfee and FireEye. The global survey of 1451 IT and line of business decision-makers found that close to half (43%) have suffered from downtime due to a cyber concern. This resulted in costs of $100,000 for some organizations. Despite the increased threat landscape and the fact that over half (57%) of organizations saw a rise in online/web activity, 24% of respondents revealed they have had their technology and security budgets reduced over this period.


DDoS Attack Cost Bandwidth.com Nearly $12 Million

Permalink - Posted on 2021-11-09 15:00

VoIP giant Bandwidth.com reported its third-quarter earnings on Monday, bringing in a revenue of $131 million. But the company noted in another release that a recent DDoS attack will end up costing them "between $9 million and $12 million" for the full fiscal year. The company filed a document with the SEC on October 26 explaining that the attack caused a "decrease of approximately $700,000 in third quarter 2021 revenue from lost transaction volume and customer credits."


DDoS Attacks Shatter Records in Q3

Permalink - Posted on 2021-11-09 15:00

The latest DDoS report for Q3 from Kaspersky details a record-breaking frenzy of recent activity by threat actors. The third quarter also ushered in two new DDoS attack vectors, the analysts found. During Q3, a team from the University of Maryland and the University of Colorado at Boulder figured out how to exploit the TCP protocol to attack security devices like firewalls, deep packet inspection (DPI) tools and network address translators (NAT), often called “middleboxes” because of their position between the client and server.


Robinhood Trading Platform Data Breach Hits 7 Million Customers

Permalink - Posted on 2021-11-09 15:00

Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The trading platform, which found itself in the middle of the infamous GameStop stock price run-up in January, acknowledged that the breach was a result of a system compromise that occurred on Nov. 3. The company said that the adversary was able to target an employee to gain access to sensitive company systems. After that, the perpetrator attempted to extort the company, demanding payment in return for not releasing the stolen data.


PHI of 320,000 Patients Potentially Compromised in EHR Vendor Hacking Incident

Permalink - Posted on 2021-11-08 16:00

QRS Inc, a Tennessee-based healthcare technology services company and provider of the Paradigm practice management and electronic health records (EHR) solution, has announced a data breach involving the protected health information (PHI) of almost 320,000 individuals. The cyberattack was detected on August 26, 2021, three days after a server was breached. The compromised server contained files that included PHI such as names, addresses, dates of birth, Social Security numbers, patient identification numbers, portal usernames, and medical treatment and diagnosis information.


Maxim Healthcare Notifies Patients of Breach That Occurred in October, 2020

Permalink - Posted on 2021-11-08 16:00

Maxim Healthcare became aware of unusual activity related to several employees’ email accounts. Investigation revealed that unauthorized access to some accounts had occurred between October 1, 2020 and December 4, 2020. The types of personal information that may have been accessible to an unauthorized actor include: name, address, date of birth, contact information, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, and username/password. For a limited number of individuals, Social Security number may also have been accessible.


$55M Stolen from Crypto Company

Permalink - Posted on 2021-11-08 16:00

Cyber-criminals have siphoned an estimated $55m from decentralized finance (DeFi) lending protocol bZx. The crypto company said that the theft occurred on Friday after one of its developers was taken in by a phishing attack and unwittingly gave up the details of some private keys. The phishing email was sent to the victim’s personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment.


India: Data Breach at CDSL's KYC Arm Exposed 4.39 Million Files of Investors' Data Twice Within 10 Days

Permalink - Posted on 2021-11-08 16:00

A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed personal and financial data of over 4 crore Indian investors twice in a period of 10 days, according to cyber security consultancy startup CyberX9. The Central Depository Services (India) Limited (CDSL) is a SEBI registered depository and CDSL Ventures Ltd is a KYC registering agency separately registered with the Securities and Exchange Board of India (SEBI).


1.8 TB of Police Helicopter Surveillance Footage Leaks Online

Permalink - Posted on 2021-11-08 16:00

Law enforcement use of surveillance drones has proliferated across the United States in recent years, sparking backlash from privacy advocates. But newly leaked aerial surveillance footage from the Dallas Police Department in Texas and what appears to be Georgia's State Patrol underscores the breadth and sophistication of footage captured by another type of aerial police vehicle: helicopters. The transparency activist group Distributed Denial of Secrets, or DDoSecrets, posted a 1.8-terabyte trove of police helicopter footage to its website on Friday. DDoSecrets cofounder Emma Best says that her group doesn’t know the identity of the source who shared the data and that no affiliation or motivation for leaking the files was given. The source simply said that the two police departments were storing the data in unsecured cloud infrastructure.


80% of Organizations Experienced Employees Misusing and Abusing Access to Business Apps

Permalink - Posted on 2021-11-08 16:00

Organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft, CyberArk research reveals. According to the research, in 70 percent of organizations, the average end-user has access to more than 10 business applications, many of which contain high-value data – creating ample opportunity for a malicious actor. To that end, the top three high-value applications that organizations were most concerned with protecting against unauthorized access were IT service management apps such as ServiceNow; cloud consoles such as Amazon Web Services, Azure and Google Cloud Platform; and marketing and sales enablement applications such as Salesforce.


Electronics Retail Giant MediaMarkt Hit by Ransomware Attack

Permalink - Posted on 2021-11-08 16:00

Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany. BleepingComputer has learned that the attack has affected numerous retail stores throughout Europe, primarily those in the Netherlands. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores. The systems outage is also preventing returns due to the inability to look up previous purchases.


Cyber Attack Hits Multiple Greek Shipping Firms

Permalink - Posted on 2021-11-05 17:00

Multiple Greek shipping companies have been hit by a ransomware attack that spread through the systems of a popular, well-established IT consulting firm, according to Greek outlet Mononews. Danaos Management Consultants, the IT service provider whose services were affected by the hack, confirmed the incident and. The company said that Danaos' own shipping operations have not been hit, and that fewer than 10 percent of its external customers had their files encrypted by the ransomware attack.


Australia: Hackers Gained Access to mySA Gov Accounts

Permalink - Posted on 2021-11-05 17:00

Yesterday afternoon, South Australia's Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. mySA Gov is the South Australian government's online platform and app that provides residents with single account access for the state's services, such as checking into a venue or completing transactions for vehicle registration. The department said hackers accessed these accounts as account holders used the same or a similar password for their mySA Gov account as they had used for their account with an unrelated website. The hackers then used the passwords they had obtained from the unrelated website to access a number of mySA GOV accounts. The department did not provide details about the unrelated website.


Nationwide Laboratory Services Ransomware Attack Affects 33,000 Patients

Permalink - Posted on 2021-11-05 17:00

Boca Raton, FL-based Nationwide Laboratory Services, which was acquired by Quest Diagnostics in the summer, was the victim of a ransomware attack earlier this year. Nationwide Laboratory Services detected a breach of its systems on May 19, 2021, when ransomware was used to encrypt files across its network and prevent files from being accessed. Steps were immediately taken to contain the attack and a third-party cybersecurity firm was engaged to assist with the investigation and remediation efforts. The forensic investigation confirmed on August 31, 2021, that the attackers gained access to parts of its network where patients’ protected health information was stored, and potentially accessed information such as names, dates of birth, lab test results, medical record numbers, Medicare numbers, and health insurance information. A subset of the individuals affected had their Social Security numbers exposed. The types of information exposed in the attack varied from patient to patient.


U.S. Defense Contractor 'Electronic Warfare' Hit by Data Breach

Permalink - Posted on 2021-11-05 17:00

US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information. The company claims the breach's impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information. As detailed in a notice to the Montana Attorney General's office, EWA discovered that a threat actor took over one of their email accounts on August 2, 2021. The firm noticed the infiltration when the hacker attempted wire fraud, which appears to be the primary goal of the actor. Based on the investigation that followed, it was discovered that names, social security numbers (SSNs), and the driver's license of the notice recipients were also stolen. As such, the wire fraud attempt may have been a distraction, which is entirely plausible for sophisticated actors who are interested in targeting highly-sensitive firms of this type. It is unclear if the stolen information affects only the company's employees and whether or not technical documents have also been stolen during the incident.


PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyber Attack

Permalink - Posted on 2021-11-04 16:00

Baywood Medical Associates, doing business as Desert Pain Institute (DPI) in Mesa, AZ, has discovered unauthorized individuals gained access to parts of its computer network that contained the protected health information of patients. A review of the files on systems accessible to the hackers revealed the following information may have been viewed or exfiltrated: Full names, addresses, dates of birth, Social Security numbers, tax identification numbers, driver’s license/state-issued identification card numbers, military identification numbers, financial account numbers, medical information, and health insurance policy number. The types of data potentially compromised varied from patient to patient.


Jukin Media Hacked and Data Dumped

Permalink - Posted on 2021-11-04 16:00

On Wednesday, Jukin Media posted a notice on its site requiring users to reset their passwords. They said the reset was due to a “security upgrade.” Then later yesterday, it became clear that there had definitely been a security incident when a thread appeared on a popular forum dumping Jukin data for a nominal fee of 8 tokens. The fact that Jukin Media knew they were being attacked makes their “Security Upgrade” notice seem even more deceptive. Why didn’t they tell users that they knew they had been attacked and were requiring a password reset in response? And why haven’t they said anything publicly since yesterday’s leak? DataBreaches.net was able to submit a press inquiry today to Jukin Media through their web site, but no reply has been received as of the time of publication.


Cyber Attack Knocks Ohio County Library Computers Offline

Permalink - Posted on 2021-11-04 16:00

A cybersecurity incident has knocked out the Toledo Lucas County Public Library website and computer systems for the second day in a row, and officials are unsure when service might be restored. Stephanie Elton, the library's assistant manager of communications, innovation and strategy, said the service outage happened because of a "targeted cybersecurity incident, which remains under investigation by forensic experts." It is yet unknown how long it would take to resolve the issue and restore the network, she said.


State Probing LGBTQ Atraf Website for Faulty Cyber Defenses

Permalink - Posted on 2021-11-03 16:00

The Authority for the Defense of Privacy announced on Wednesday that it is probing the Atraf website for LGBTQ dating for faulty cyberdefenses that may have led to its recently being hacked. If the probe leads to real consequences, it could prove to be a game-changer in the cyber arena in motivating companies to take stronger measures regarding cyberdefense. Last weekend, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of lesbian, gay, bisexual, transgender and queer clients of the website in waves during the course of this week, threatening to disclose more until they are paid a ransom. The authority said it is no coincidence that the website has been down since the hacking and that it may remain down indefinitely due to the website owner’s lack of cyber protections of their clients’ personal data. In addition, the authority noted other state agencies’ efforts to block search engines and social media sites from being able to display the personal information, warning that anyone who displays such information could be themselves guilty of a crime.


Moses Staff Hackers Strike Again, Attack Israeli Engineering Companies

Permalink - Posted on 2021-11-03 16:00

A hacker group called Moses Staff claimed on Tuesday that it had successfully conducted a cyberattack on three Israeli engineering companies, less than two weeks after it leaked files it claimed to have obtained in an attack on the Defense Ministry. The group announced on Tuesday that it had targeted Ehud Leviathan Engineering, David Engineers and HGM Engineering in its latest attack. The data leaked from the three companies include projects, maps, contracts, pictures, letters and videoconferencing images. Moses Staff stated that the information it had leaked did not include everything that they had obtained and they would gradually release the rest.


Medical School Exposes Personal Data of Thousands of Students

Permalink - Posted on 2021-11-03 16:00

A US medical training school exposed the personally identifiable information (PII) of thousands of students. On Wednesday, vpnMentor published a report on the security incident, in which an unsecured bucket was left exposed online. The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or just under an estimated 200,000 files. After discovering the open system, the researchers traced the owner as Phlebotomy Training Specialists. The LA-based organization offers phlebotomy certification and courses in states including Arizona, Michigan, Texas, Utah, and California. According to vpnMentor, the records contained within were backed up from September 2020, but some were created before this time. The unsecured Amazon S3 bucket contained a variety of PII including ID card and driver license copies, as well as CVs, revealing names, dates of birth, genders, photos of students, home addresses, phone numbers, email addresses, and both professional and educational summaries. In addition, over 27,000 tracking forms were found that in some cases contained the last four digits of Social Security numbers, as well as student transcripts and training certificate scans.


Negligent Schools Continue to Cover-up Cyber Attacks; Withholding Cost of Damages from Public

Permalink - Posted on 2021-11-03 16:00

The Daily Dot submitted public records requests to 15 school districts across the country that were hit by recent cyberattacks, including the one in Fairfax. But after over a month of negotiations, only six districts have agreed to disclose how much they paid to recover from the attacks. Three districts have claimed statutory exemptions to withhold all or nearly all their records, and the rest aside from Fairfax have provided nothing more than an acknowledgment of the Daily Dot’s request. More than 830 schools have been hit by ransomware this year, according to the cybersecurity firm Emsisoft, and the FBI warns that these attacks are on the rise. From the rural Deep South to the suburbs of Los Angeles, hackers are hitting school districts across the country indiscriminately. But the numbers could be much higher because there’s no nationwide requirement that schools report ransomware attacks. Most states don’t have reporting requirements either, and the ones that do don’t enforce the mandates or won’t release the information, research by the cybersecurity firm Recorded Future shows.


Cyber Attacks Reported by Family of Woodstock and Viverant

Permalink - Posted on 2021-11-03 16:00

Family of Woodstock (FOW), a New York provider of crisis intervention, information, prevention, and support services, has suffered a cyberattack in which the protected health information of 8,214 individuals was potentially compromised. The cyberattack was detected on August 3, 2021, and rapid steps were taken to eject the attackers from its network and restore its systems and operations. Third-party forensic investigators were engaged to determine the nature and scope of the breach, with the initial phase of the investigation concluding on September 11, 2021.


Britain: ICO Collects Just 26% of Value of Fines Since 2020

Permalink - Posted on 2021-11-03 16:00

The UK’s data protection and privacy regulator is getting worse at collecting the fines it hands out to penalize erring companies, according to new data from TheSMSWorks. The SMS API provider has been tracking the progress of the Information Commissioner’s Office (ICO) in such matters since 2018. Unfortunately, it revealed that just a quarter (26%) of the monetary value of fines it issued from January 2020 to September 2021 had been paid, down from 32% during the last report period (January 2019-August 2020). That means, out of the 47 individual fines during the current period, amounting to £7m, just 19 had been successfully collected, at a value of only £1.8m. This excludes the sizeable GDPR penalties for British Airways (£20m) and Marriott International (£18.4m). These companies have reportedly agreed to pay their fines in annual installments. The news comes despite legislation that effectively makes company directors responsible for paying fines. In the past, many would declare bankruptcy to avoid the fine. According to TheSMSWorks, many directors simply refuse to pay or initiate a slow and unwieldy appeals process. It claimed that Eldon Insurance, fined £60,000 for email spam in February 2019, still has an unresolved appeal being processed. Another company, MyIML Ltd, has reportedly not yet fully paid its £80,000 nuisance call fine six years after it was issued. Over £1m in unpaid fines are said to be currently under appeal.


Annual Cost of Child Identity Fraud Almost $1 Billion

Permalink - Posted on 2021-11-03 16:00

New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn. The 2021 Child Identity Fraud study authored by Tracy Kitten, director of fraud & security at Javelin Strategy & Research, analyzed factors that put children at the highest risk of identity theft and fraud. Risk factors examined for the research included behaviors, characteristics, and social media platforms. The study found that children who use Twitch (31%), Twitter (30%), and Facebook (25%) were most likely to have their personal information exposed in a data breach. Another key finding was that more than 1.25 million children in the United States became victims of identity theft and fraud in the past year. Resolving the situation cost the average family more than $1,100 and was a slow process. Chillingly, the report revealed that over half of all child identity theft and fraud cases involve children ages nine and younger and that most (70%) victims know their perpetrators.


Mobile Phishing Attacks Targeting Energy Sector Surge by 161%

Permalink - Posted on 2021-11-03 16:00

Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year's (H2 2020) data, and the trend is showing no signs of slowing down. Mobile phishing also surged in the first half of 2021, with nearly 20% of all employees in the energy sector being targeted in mobile phishing attacks. According to the report from Lookout, the most significant attack surface stems from 56% of Android users running out-of-date and vulnerable versions of the OS.


Canada: Toronto Subways Hit by Ransomware

Permalink - Posted on 2021-11-02 14:00

The Toronto Transit Commission (TTC) -- which runs the city's public transportation system -- reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization's email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff "detected unusual network activity and began investigating."


42% of Healthcare Organizations Have Not Developed an Incident Response Plan

Permalink - Posted on 2021-11-02 14:00

Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, but data breaches involving physical records are also commonplace. According to the Verizon Data Breach Investigations Report, disclosed physical records accounted for 43% of all breaches in 2021, which highlights the need for data security measures to be implemented covering all forms of data. The survey revealed 22% of data breaches were the result of errors by employees. The biggest barriers to employees following information security policies and procedures were a lack of understanding of the threats and risks (49%), lack of accessibility or understanding of policies (41%), and a lack of consistent training and security awareness programs (10%).


40% of Organizations Suffered a Cloud-Based Data Breach in the Past 12 Months

Permalink - Posted on 2021-11-02 14:00

Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research. According to the study, 21% of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year. There are some common trends as to where companies turn when considering how to secure their cloud infrastructure, with 33% reporting multi-factor authentication (MFA) as being a central part of their cybersecurity strategy. However, only 17% of those surveyed have encrypted more than half of the data they store in the cloud. This figure drops to 15% where organizations have adopted a multicloud approach. Even where businesses protect their data with encryption, 34% of organizations leave the control of keys to service providers rather than retaining control themselves. Where large numbers of organizations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, 48% of business leaders globally admitted their organization does not have a zero trust strategy, and 25% aren’t even considering one.


Ransomware Attack Targets Las Vegas Cancer Center Patients' Personal Information

Permalink - Posted on 2021-11-02 14:00

Current and former patients of the Las Vegas Cancer Center may have had their personal information exposed to bad actors after a ransomware attack, the center announced in a press release on Monday. LVCC administrators confirmed hackers accessed encrypted data on the center's server over Labor Day weekend and stated the security breach was discovered on Sept. 7 when staff returned after the holiday. Though LVCC’s server and computers are protected by a firewall and multiple malware defense systems, hackers may have been able to access patient names, addresses, dates of birth, social security numbers, medical records and insurance information as a result of the breach, according to the center. However, LVCC claims all patient data was stored in a proprietary format and was likely not usable by hackers.


More than 650,000 Patients of Community Medical Centers Notified About Hacking Incident

Permalink - Posted on 2021-11-01 16:00

The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers. CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October 10, 2021, and shut down its systems to prevent further unauthorized access. An investigation was launched to determine the nature and scope of the breach, with assistance provided by third-party cybersecurity experts. The forensic investigation confirmed that unauthorized individuals had gained access to parts of its network where protected health information was stored, including first and last names, mailing addresses, dates of birth, Social Security numbers, demographic information, and medical information.


Healthcare System Phishing Breach Affects 209,000

Permalink - Posted on 2021-11-01 16:00

UMass Memorial Health in its notification statement says that it determined on Jan. 27 that some employees’ email accounts may have been accessed by an unauthorized person. On Aug. 25, the healthcare entity completed the process of identifying individuals with information contained in the accounts, the statement says. For affected patients, the information involved included names, dates of birth, medical record numbers, health insurance information and clinical or treatment information, such as dates of service, provider names, diagnoses, procedure information and/or prescription information, UMass Memorial Health says. For affected health plan participants, the information involved included names, subscriber ID numbers and benefits election information. For some individuals, a Social Security number and/or driver’s license number was also involved, the statement says.


'Black Shadow' Hackers Leak Data from Israeli LGBT App

Permalink - Posted on 2021-11-01 15:00

The hacker group "Black Shadow" has leaked data from various Israeli companies, such as LGBTQ dating app "Atraf", Dan bus company and tour booking company Pegasus on Saturday night. On Friday, the group announced that they had hacked into the servers of the Israeli Internet company Cyberserve, promptly turning them off and threatening to leak data. It remains unclear if Cyberserve plans to pay Black Shadow’s desired ransom or how the hacker group plans to publicly leak the data.


Canadian Province Healthcare System Disrupted by Cyber Attack

Permalink - Posted on 2021-11-01 15:00

The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, and the Labrador-Grenfell Regional Health authorities. The IT outage also affected communications in the region, with people reporting an inability to reach the health care centers or 911 via phone.


Unauthorized Account Openings Increased by 21% in the Last 12 Months

Permalink - Posted on 2021-10-29 15:00

Fifty-eight million consumers had a new account opened without their authorization in the last 12 months, a 21% increase compared to 2020, yet less than half of Americans know how to protect their data and identities. Given the heavy reliance on smartphones, with 64% using their mobile phone to sign up for new services, the safety and security of the mobile channel is of critical importance to consumers and companies alike. Twenty-four percent of consumers report that their mobile devices have been compromised since the pandemic began. Consumer concern about smartphone malware attacks has increased 34% year-over-year and nearly half believe their mobile device is more vulnerable than their personal computer.


Data Breach at University of Colorado Confirmed

Permalink - Posted on 2021-10-29 15:00

An American university is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice issued October 25, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, Atlassian Corporation Plc. Some files stored in the impacted program contained personally identifiable information (PII) for current and former CU Boulder students. Included in that information were names, student ID numbers, addresses, dates of birth, phone numbers, and genders.


Security Breaches Reported by Lavaca Medical Center and Throckmorton County Memorial Hospital

Permalink - Posted on 2021-10-29 15:00

Lavaca Medical Center, a critical access hospital in Hallettsville, TX, has started notifying 48,705 patients about a security breach in which their protected health information was exposed. Lavaca Medical Center said unusual activity was detected in its computer network on August 22, 2021, indicating a potential cyberattack. Steps were immediately taken to secure its network and a third-party computer forensics firm was engaged to assist with the investigation. The forensic investigators confirmed unauthorized individuals had access to the network between August 17 and August 21.


Ransomware Attack Hits Papua New Guinea's Finance Ministry

Permalink - Posted on 2021-10-29 15:00

Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government's access to foreign aid, its ability to pay cheques and carry out other basic functions in the midst of a spiralling Covid-19 surge. The attack took place in the middle of the night on October 22.


Massachusetts Health Network Hacked; Patient Information Exposed

Permalink - Posted on 2021-10-29 15:00

UMass Memorial Health notified patients earlier this month if their information was involved in the breach, which occurred between June 2020 and January. The personal data included Social Security numbers, insurance information and medical information, The Telegram & Gazette reported Thursday. More than 200,000 patients and health plan participants could have been affected by the breach, according to a federal database of cybersecurity incidents at medical facilities. The hospital says it has investigated the incident but couldn’t determine how much of the personal information may have been stolen.


S. Korea: Facebook Recommended to Pay 300,000 Won Compensation per Victim Over Personal Data Breach

Permalink - Posted on 2021-10-29 15:00

The state watchdog on personal information protection on Friday recommended that the operator of Facebook pay 300,000 won (US$256.70) in compensation to each of 181 users demanding damages for the provision of their personal information to third parties without consent. The recommendation to Meta Platforms, Inc. was made by the Personal Information Protection Commission (PIPC)'s dispute mediation panel in charge of settling a dispute between the operator and Korean users of Facebook over the platform's breach of users' personal data. The state watchdog in November concluded that Facebook passed personal data of at least 3.3 million of its total 18 million Korean users to third parties without the users' consent between May 2012 and June 2018. The leaked data included the lists of the users' Facebook friends. The global platform giant was fined 6.7 billion won for the privacy law violations at that time.


Private Proof-of-Vaccine App Portpass Continues to Expose Personal Data Even After Relaunch and Updates

Permalink - Posted on 2021-10-29 15:00

Personal information belonging to more than 17,000 users of the private proof-of-vaccination app Portpass is still unsecured and visible online — including, in some cases, photos of drivers' licences and passports — despite assurances from the company that its data-security problems have been fixed. The Calgary-based smartphone app was temporarily taken offline in late September after CBC News initially reported that users' data was unsecured and accessible on the internet to anyone who knew where to look. The app relaunched in October and the Portpass website assured users that it protects their "health privacy and data security at the highest level" and that "your data and information is kept secure at all times." But several experts in software development have since reached out to CBC News with concerns that users' data was still accessible.


PHI Removed in Practice Management Firm's Ransomware Attack

Permalink - Posted on 2021-10-29 15:00

A ransomware attack on a medical practice management services firm that included the "removal" of files containing patient information is among the latest security incidents involving similar third-party vendors. Arizona-based PracticeMax, in sample breach notification letters being sent this month to certain members of coordination of care health plan clients Humana, Anthem and DaVita Inc., says its protected health information was affected by a ransomware attack that began on April 12 and ended on May 5. PracticeMax says it regained access to its systems on May 6, and determined that one server containing protected health information had been accessed and "certain files" had been removed. The affected individuals are all members of VillageHealth, a care coordination program for patients with chronic conditions that is run by DaVita Inc. and offered through health plans including Anthem and Humana.


Luxury Hotel Chain in Thailand Reports Data Breach

Permalink - Posted on 2021-10-29 15:00

A luxury hotel chain in Thailand is reporting a data breach thanks to a notorious group of cybercriminals who have been behind a spate of attacks in recent weeks. Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were "made aware" of a cyberattack on the hotel chain's network. An investigation confirmed that cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. The company did not say if the IDs accessed included passports, which are often asked for by hotels like Centara Hotels & Resorts.


Location Data Collection Firm Admits Privacy Breach

Permalink - Posted on 2021-10-29 15:00

A British firm which sells people's location data has admitted that some of its information was gained without seeking permission from users. Huq uses location data from apps on people's phones, and sells it on to clients, which include dozens of English and Scottish city councils. It told the BBC that in two cases, its app partners had not asked for consent from users. Kaibits Software, which developed one of the apps in question, admitted that there had been "problems with the permissions" but they were now resolved. The second app developer did not respond. Huq did not rule out the possibility that other apps may have failed to ask for proper consent. "It is possible that we or our partners may uncover future technical issues, but what's important is how quickly we act and how seriously we take the issue," the firm told the BBC.


Ransomware Has Disrupted Almost 1,000 Schools in the U.S. This Year

Permalink - Posted on 2021-10-29 15:00

Brett Callow, a researcher at Emsisoft, shared the list with Motherboard. It includes 73 school districts, comprising 985 schools. Callow said that it’s very likely there are some schools missing from the list, meaning the total number of victims is likely higher than 1,000. The list includes schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.


Ransomware Soars 148% to Record-Breaking Levels in 2021

Permalink - Posted on 2021-10-28 15:00

The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall. The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day. Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020. SonicWall predicted that by the end of 2021, the ransomware total would be near 714 million, which would be a 134% year-on-year increase.


Small Businesses Pay Up to $1 Million to Recover from Breaches

Permalink - Posted on 2021-10-28 15:00

Over half (58%) of US small businesses have suffered a security or data breach, with most paying hundreds of thousands of dollars to cover the costs, according to a new study from the Identity Theft Resource Center (ITRC). According to the US Small Business Administration, there are nearly 32 million businesses with fewer than 500 employees. To find out more about how they’re impacted by cyber-attacks, the ITRC polled 417 small business owners. The non-profit’s 2021 Business Aftermath Report revealed that many suffer a serious business impact from breaches. Of those hit by a breach, three-quarters experienced at least two, and a third said they had suffered at least three incidents. Over two-fifths (44%) spent $250,000-$500,000 to cover the costs of the breach, while 16% said they were forced to fork out between $500,000-$1m. Unsurprisingly, over a third (36%) admitted that this outlay put their business into debt, while a similar number (34%) said they had to dip into cash reserves to bail themselves out. A further 15% were forced to reduce headcount as a result. The majority of respondents said it took them several years to recover from a breach.


India's Supreme Court Orders Pegasus Probe

Permalink - Posted on 2021-10-28 15:00

India's Supreme Court has ordered an investigation to determine whether Prime Minister Narendra Modi’s administration used spyware to illegally surveil opposition leaders, journalists, activists, tycoons, and judges. In July, India’s main opposition Congress Party accused Modi of “treason” after the cell phone numbers of several Indian journalists, activists, and an opposition election strategist were included in a data leak of numbers believed to be of interest to clients of the Israel-based NSO Group Ltd., maker of the Pegasus spyware. Lawyer Tushar Mehta, representing the government, said in earlier hearings that any software used by Modi's administration to "combat terrorism" could not be publicly named for security reasons. Mehta also denied that any illegal espionage had taken place. The Supreme Court accepted petitions to launch an independent investigation after the government offered “no specific denial” that it had used Pegasus software to spy on Indian citizens but instead offered to create an in-house committee to investigate the allegations. In the Supreme Court order, which was issued earlier today, Chief Justice N.V. Ramana said that the alleged use of Pegasus Software by the Indian government to surveil its citizens “raises an Orwellian concern,” and that the court was compelled to seek the truth in a matter in which citizens’ rights to privacy and free speech may have been violated.


Medical AI Database Containing More Than 800 Million Records Exposed Online

Permalink - Posted on 2021-10-28 15:00

An unsecured database belonging to the American medical AI platform provider Deep6.ai has been identified by security researcher Jeremiah Fowler and Website Planet. The database contained more than 800 million records of patients and physicians and could be accessed over the Internet by anyone without requiring a password. The database contained 68.53 GB of data and included 886,521,320 records, most of which related to individuals in the United States. While some of the information was encrypted, physician notes and physician information were in plain text and could be viewed by anyone.


PHI of Employees Potentially Compromised in Tech Etch Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

Tech Etch, a Plymouth, MA-based manufacturer of precision-engineered thin metal components, flexible printed circuits, and EMI/RFI shielding, has announced it was the victim of a ransomware attack in which the personal and protected health information of current and former employees was potentially compromised.


Seneca Family of Agencies Discloses Breach of Personal and Medical Data

Permalink - Posted on 2021-10-28 15:00

In an October 22 notice of the breach on their web site, SFA writes that they discovered an unauthorized individual had access to parts of their network between August 25 and August 27. DataBreaches.net has reached out to them to get more details such as the number of individuals notified and whether there was any ransom demand.


Non-Profit Samaritan Daytop Village Discloses Breach

Permalink - Posted on 2021-10-28 15:00

Samaritan Daytop Village, Inc. has disclosed a breach that they first discovered on September 22. The not-for-profit, which started 60 years ago as an outpatient drug treatment services provider but expanded its scope, reports that they could not be sure whether data was actually viewed, exfiltrated, neither, or both. It is all still under investigation.


Washington County School District Looks into Possible Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

It’s still unclear whether personal student information was stolen during a system hack. The superintendent of the Washington Central Unified Union School District says in a letter Wednesday that its information systems were compromised. Interim Superintendent Jen Miller-Arsenault sent out a letter to families saying the district’s systems have been compromised as a result of a suspected but unconfirmed ransomware attack.


Blue Shield of California Insurance Broker Victim of Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

Blue Shield of California has disclosed that a ransomware attack on an insurance broker, Team Alvarez Insurance Services, has impacted 2,858 Blue Shield members’ information including names and one or more of the following: health insurance information, health plan member ID number, date of birth, email addresses, phone numbers and physical addresses. The ransomware attack was detected on August 25, 2021.


New York Law Firm Admits to Data Breach

Permalink - Posted on 2021-10-28 15:00

Coughlin & Gerhart (C&G) law firm in New York experienced a security breach in early April. It is not clear from their press release whether this was a ransomware attack or not, and DataBreaches.net has reached out to them to ask for clarification on the nature of the attack.


Netherlands: Cyber Attack Paralyzes Eberspaecher

Permalink - Posted on 2021-10-28 15:00

Hackers paralyzed the international automotive supplier Eberspächer with a major cyber attack on Sunday morning. The website is also down.


HTTPS Threats Grow More Than 314% Through 2021

Permalink - Posted on 2021-10-28 15:00

Cybersecurity firm Zscaler has released their latest State of Encrypted Attacks Report, highlighting the growth in HTTPS threats since January as well as other attacks facing tech companies and retailers. The report found that HTTPS threats have increased by more than 314% while attacks on tech companies grew by 2,300% and retail companies saw an 800% increase in attacks. According to the report, the tech industry accounted for 50% of all attacks they tracked. Instances of malware were up 212% in the report and phishing rose by 90%. The report tracks more than 20 billion threats blocked over HTTPS and analyzes about 190 billion daily transactions through its Zero Trust Exchange that took place from January to September. From there, the Zscaler ThreatlabZ research team goes through the data to compile the report.


Sensitive Data of 400,000 German Students Exposed by API Flaw

Permalink - Posted on 2021-10-28 15:00

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Lilith Wittmann, a security researcher from the IT security collective “Zerforschung”, discovered the bug and immediately disclosed their findings to the Scoolio team. Zerforschung states that they disclosed the flaw to Scoolio on September 21, 2021, but it took the software developer until October 25, 2021 to deploy a patch.


FBI Raids Chinese POS Business Following Cyber Attack Claims

Permalink - Posted on 2021-10-27 15:00

The FBI has raided the Jacksonville warehouse of a Chinese point of sale (POS) terminal vendor after reports that the terminals were being used as part of a network distributing malware. The company in question, PAX Technology, is based in Shenzhen, China. FBI agents executed a court-authorized search at the firm’s warehouse in Jacksonville, Florida.


Schreiber Foods Hit with Cyber Attack; Dairy Plants Closed

Permalink - Posted on 2021-10-27 15:00

Milk distribution was in disarray in Wisconsin this week as one of the state’s larger milk processors, Schreiber Foods, was victimized by hackers demanding a rumored $2.5 million ransom to unlock their computer systems. Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company’s computer systems were down and that their plants couldn’t take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for milk. As of Tuesday’s Wisconsin State Farmer deadline there had not yet been reports of milk having to be dumped. Calls to Schreiber Foods were not immediately returned.


Cyber Attack Hits U.K. Internet Phone Providers

Permalink - Posted on 2021-10-27 15:00

In a statement, Comms Council UK said that the DDoS attacks on British VoIP firms have occurred during the past four weeks and "appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals". A Comms Council UK spokesman told the BBC that he was unable to specify how many firms were affected and added that he would describe the scale of the attack as "unprecedented".


California: Woodlake Unified District Student and Personnel Data Dumped After Ransomware Incident

Permalink - Posted on 2021-10-26 14:00

Woodlake Unified District in California includes Castle Rock Elementary, Francis J. White Learning Center, Woodlake Educational Options Program, Woodlake Union High School, and Woodlake Valley Middle School. On April 11, the district took to Facebook to alert the community to a ransomware incident that occurred on April 9. For months, the breach did not show up anywhere, but on September 13, Pysa threat actors added it to their leak site, noting the incident as April 8. As they tend to do, Pysa dumped a lot of data. In this case, the data dump seemingly should have contained 77 parts that included more than 16 GB of files, compressed. Some parts seem to have been omitted from the dump, however, raising questions and concerns as to what might be in the parts that were not dumped. The files that were dumped contained a lot of personal and sensitive information of students and employees. The following sections describe just some of what DataBreaches.net found in plain text files available to anyone and everyone.


Central Restaurants Group in Thailand Hit by Desorden Cyber Gang

Permalink - Posted on 2021-10-26 14:00

The Desorden threat actors have been busy, it seems, as they have announced an attack on Central Restaurants Group (CRG) in Thailand. The attack, with proof of claim, was posted on a popular hacking forum and sent to DataBreaches.net. The proof of claim files included membership card details of Mister Donut, employee details, daily sales records of what they describe as thousands of restaurant outlets, and vendor purchase order details.


Colorado: Nearly 30,000 Former and Current CU Boulder Students' Personal Information Hacked

Permalink - Posted on 2021-10-26 14:00

The University of Colorado Boulder is sending emails to roughly 30,000 former and current students that have been impacted by a data breach, according to a release from the university. The university said the third-party software, provided by Atlassian, had a vulnerability that impacted a program used by the Office of Information Security. The office did an analysis that showed some data was accessed by a hacker. The personal information included names, student ID numbers, addresses, dates of birth, phone numbers and genders.


Canada: Government Data Breach Exposes Afghans to More Danger

Permalink - Posted on 2021-10-26 14:00

The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News has learned. The Afghans in question fear reprisals from the Taliban, who took over the country in August. Some are in hiding because of past roles in the Afghan government, armed forces, judiciary, or as human rights or women's rights activists. One email seen by CBC News listed 200 names. Not only did names and emails appear but also, in some cases, faces could be seen. The risks of such a release are serious. It would only be necessary for the Taliban to see a single copy of the email to obtain all 200 names.


Majority of U.S. Business Executives Have Been Targeted by Malicious Cyber Actions

Permalink - Posted on 2021-10-26 14:00

A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans. On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today's cybersecurity threats. The research -- including insight from those in CEO, CISO, and other leadership roles -- suggests that nearly all US executives (98%) have come across at least one cybersecurity event over the past year, in comparison to 84% internationally. According to Deloitte's research, 86% of US executives have noticed an uptick in attack attempts, a higher climb than that experienced by 63% of leadership worldwide. Despite the ongoing risk of cyberattacks, US enterprise firms are not up to par when it comes to implementing defense and incident response initiatives. In total, 14% of US executives have no such plans, in comparison to 6% of non-US executives. Problems including data management issues, infrastructure complexities, failures to keep up with technological advances, and missteps in prioritizing cybersecurity are all cited as challenges in coming up with workable cybersecurity plans.


Third-Party Data Breach in Singapore Hits Healthcare Provider

Permalink - Posted on 2021-10-26 14:00

Fullerton Health says its third-party vendor, whose platform facilitates appointment booking, had suffered a security breach first detected on October 19 that compromised patients' personal data, including name and contact details as well as bank account information.


PHI of 24,891 Specialty Surgery Center of Central New York Patients Potentially Compromised

Permalink - Posted on 2021-10-26 14:00

Syracuse ASC, dba Specialty Surgery Center of Central New York, has started notifying 24,891 patients that some of their protected health information (PHI) was potentially accessed by unauthorized individuals who gained access to its computer systems. The breach was identified by Syracuse ASC around March 31, 2021, and steps were immediately taken to secure its systems and prevent further unauthorized access. A third-party cybersecurity firm was engaged to assist with the forensic investigation, which concluded on April 30, 2021, and determined the hackers accessed parts of its systems that contained PHI. A second investigation was conducted to determine which individuals’ PHI had been exposed. A list of individuals potentially affected by the incident was obtained on August 16, 2021, with the delay in issuing notifications due to a “substantial data validation process to verify the accuracy of the data.” The file review confirmed names may have been compromised along with limited health information, but no evidence was found to indicate any actual or attempted misuse of data on the compromised systems.


Millions of Android Users Scammed in SMS Fraud Driven by TikTok Ads

Permalink - Posted on 2021-10-26 14:00

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service. Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills.


72% of Organizations Hit by DNS Attacks in the Past Year

Permalink - Posted on 2021-10-26 14:00

Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover.


Suspected Cyber Attack Temporarily Disrupts Gas Stations Across Iran

Permalink - Posted on 2021-10-26 14:00

A software glitch believed to have been caused by a cyberattack has disrupted gas stations across Iran and defaced gas pump screens and gas price billboards. The incident, which took place earlier this morning, impacted the IT network of NIOPDC, a state-owned gas distribution company that manages more than 3,500 gas stations across Iran.


Despite Spending Millions on Bot Mitigation, 64% of Organizations Lost Revenue Due to Bot Attacks

Permalink - Posted on 2021-10-25 13:00

A Kasada survey covers the state of bot mitigation exclusively from the perspective of organizations already using anti-bot solutions. 64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months. A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more, and 44% of respondents say it costs their organization $250,000 or more. 45% of companies surveyed say bot attacks result in more website downtime at their organizations, and about a third say bot attacks result in brand or reputational damage, reduction in online conversions, and more frequent data leaks. Bot attacks resulted in an increase in operational or logistical bottlenecks. Researchers found that 77% of companies spent $250,000 or more on mitigating bot attacks within the past 12 months, while 27% spent in excess of $1 million, resulting in a loss of revenue and increased operational costs. With 80% of executive teams asking about bot attacks within the past 6 months, bot attacks and their effects have become a C-Level concern. As a result, 63% of companies plan to increase their spending on bot prevention over the next 12 months.


Britain: Data Breach Leads to £10 Thousand Fine for Scottish Charity

Permalink - Posted on 2021-10-25 13:00

A prominent Scottish charity has been fined £10,000 for a data protection breach. The action was taken after HIV Scotland sent out an email containing the personal details of dozens of people. The breach involved an email to 105 people, including patient advocates representing people living in Scotland with HIV. All the email addresses were visible to recipients, and 65 identified people by name. The Information Commissioner's Office (ICO) issued the penalty, with the watchdog saying that an assumption could be made about individuals' HIV status or risk from the personal data disclosed.


44% of Healthcare Organizations Don't Have Full Visibility into Security Access

Permalink - Posted on 2021-10-25 13:00

The healthcare industry is extensively targeted by cyber actors: it experiences four times the number of data breaches as other industry sectors, and the threat is growing. A recent Bitglass study suggests a 55% increase in healthcare data breaches in the United States during the pandemic. SecureLink’s study, the results of which were published in the report, A Matter of Life and Death: The State of Critical Access Management in Healthcare, confirmed that many of those breaches involved third-party access to systems. 44% of healthcare and pharmaceutical organizations that responded to the survey said they had suffered at least one cybersecurity incident that was either directly or indirectly caused by a third-party partner. Vendors and third parties supply many of the components that allow healthcare systems to function, and with so many third-party components, the attack surface is large. Even though the risk of a third-party data breach is high, the survey revealed only 41% of surveyed healthcare companies had a complete inventory of third parties that have been provided with access to their networks.


South Korea: Large DDoS Attack Shuts Down KT's Nationwide Network

Permalink - Posted on 2021-10-25 13:00

South Korea telco KT said on Monday that the temporary nationwide shutdown of its network earlier today was caused by a large-scale distributed denial-of-service (DDoS) attack. Customers who use the telco's network were unable to access the internet for around 40 minutes at around 11am on Monday. Users were unable to use credit cards, trade stocks, or access online apps during that time period. Some large commercial websites were also shut down during the outage.


Threat Actors Offer for Sale Data on 50 Million Moscow Drivers

Permalink - Posted on 2021-10-25 13:00

Bad news for Russian drivers: threat actors are selling a database containing 50 million records belonging to Moscow drivers on a hacking forum for only $800. The threat actors claim to have obtained the data from an insider in the local police. They published a sample of database records containing the model of the car, its registration and VIN number, date of registration, engine power, name of the owner, date of birth, and phone number. The stolen data spans from 2006 to 2019, and local media outlets have confirmed its authenticity. Threat actors are also offering a file containing information from 2020 to those who buy the database.


Companies That Pay Ransomware Attackers Get Thumbs Down from Consumers

Permalink - Posted on 2021-10-25 13:00

One of the biggest questions faced by an organization hit by ransomware is whether to pay the ransom. Many do pay simply because they feel it's the quickest and easiest way of getting back to business. But that strategy is not one favored by many consumers, some of whom would avoid a company that's not only victimized by ransomware but ends up paying the ransom. Survey results released Monday by data management firm Cohesity reveal how consumers feel about organizations that suffer a ransomware attack. Commissioned by Cohesity and conducted by Propeller Insights in August 2021, the survey elicited responses from more than 1,000 U.S. consumers between the ages of 18 through 75, and older, all of whom have heard of ransomware. Among the respondents, 81% said they were familiar with the recent ransomware attacks on Colonial Pipeline, JBS Holdings, Kaseya, SolarWinds and U.S. hospitals. Some 22% said that a company with which they do business had been hit by ransomware, while 21% believe their own company had been hurt by an attack. Those surveyed pointed to government, financial services and insurance, oil and energy, healthcare and pharmaceutical, and technology as the top industries most vulnerable to ransomware. Some 40% of the respondents said they think that organizations hit by ransomware should not pay the ransom. More than half of those surveyed said that companies that do pay the ransom encourage more ransomware and cybercriminals. And 43% believe that ransom payments increase the prices consumers pay for goods and services. An organization that pays a ransom risks a bad reputation with consumers. Some 23% of those surveyed said they'd stop doing business with a company that paid a ransom. A further 48% couldn't say whether or not they'd stop doing business but indicated this as a great concern and would give it a lot of thought.


44% of Healthcare, Pharmaceutical Organizations Experienced Breaches Caused by Third-Parties in Last Year

Permalink - Posted on 2021-10-22 15:00

SecureLink, a leader in critical access management, has released a new report titled “A Matter of Life And Death: The State of Critical Access Management in Healthcare,” revealing that third-party attacks in healthcare are on the rise and fundamentally threaten not just highly sensitive medical data, but patient care. The report, which includes data from research conducted in partnership with Ponemon Institute, reveals that within the last year, 44% of healthcare and pharmaceutical organizations experienced a data breach caused by a third party – posing compliance, reputational, and financial risks.


170,000 Patients Exposed in Alliance Dental Practices Breach Caused by Vendor

Permalink - Posted on 2021-10-22 16:00

For the second time in the past year, an alliance serving dental practices has been hit with a cyberattack. Last year’s attack impacted patients at Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut. They reported that a ransomware attack on First Impressions Orthodontics impacted their patients. So far, more than 170,000 patients have reportedly been notified of the NADM breach. It is not yet clear why it took six months from the incident to provide notice to patients and HHS.


Swiss Exhibitions Organizer MCH Group Hit by Cyber Attack

Permalink - Posted on 2021-10-22 15:00

Swiss events organizer and marketing company MCH Group was hit by a malware attack on Wednesday (October 20), and says it is working to get systems up and running again. This is just the latest in a series of cyber-attacks to hit targets in Switzerland in recent weeks. Earlier this week, the Easygov federal portal was hacked, and the names of around 130,000 companies who applied for emergency financial credit during the pandemic were accessed. The municipal authorities of the Swiss town of Montreux, Stadler Rail, and price comparison website Comparis have also been targeted, and in August the personal data of the entire population of the town of Rolle was reportedly exposed online.


Customer Services Firm Atento Hit by Cyber Attack

Permalink - Posted on 2021-10-22 15:00

Business process outsourcing (BPO) and customer relationship management multinational Atento has been hit by a cyberattack, with the greatest impact seen in Brazil, its largest operation in Latin America. The Madrid-headquartered firm informed its customers on Sunday (17) about the attack against its systems in Brazil, which caused an interruption of service as the company sought to contain and evaluate the extent of the threat, according to local news website Neofeed.


Italian Celebs' Data Exposed in Ransomware Attack on SIAE

Permalink - Posted on 2021-10-22 15:00

The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country’s copyright protection agency. SIAE has not answered BleepingComputer's emails asking for clarifications on the scale of the impact. However, BleepingComputer has found a listing on the extortion portal of the Everest ransomware gang, where the actors claimed to have breached SIAE and have leaked 60 GB of stolen data. The data leaked by the Everest gang includes national ID and driver's license scans and documents relevant to contract agreements between SIAE and its members.


SCUF Gaming Store Hacked to Steal Credit Card Information of 32,000 Customers

Permalink - Posted on 2021-10-22 15:00

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. While the company didn't disclose the number of impacted people in the notification letters, it told the Office of the Maine Attorney General that 32,645 individuals were affected in total.


Data Scrapers Expose 2.6 Million Instagram and TikTok Users

Permalink - Posted on 2021-10-21 15:00

Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal. A team at reviews site SafetyDetectives led by Anurag Sen found the data located on a misconfigured Elasticsearch server, left exposed without any password protection or encryption in place. It quickly traced the 3.6GB trove of more than 2.6 million TikTok and Instagram profiles to IGBlade, a firm that provides marketing insights on social media users for its customers.


72% of Organizations Experienced a DNS Attack in the Last Year

Permalink - Posted on 2021-10-21 15:00

Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the last 12 months, according to a new study by the Neustar International Security Council (NISC). Of those organizations affected, 61% were targeted on multiple occasions, while 11% have been victimized regularly. While Neustar noted that DNS attacks are generally a lower concern for security pros than vectors like ransomware, distributed denial-of-service (DDoS) and targeted account hacking, they are becoming increasingly menacing to organizations. According to its latest study, 55% of security professionals consider DNS compromise an increasing threat; this compares to 47% in October 2020. The most common types of DNS attacks experienced were DNS hijacking (47%), DNS flood, reflection or amplification attacks that segued into DDoS (46%), DNS tunneling (35%) and cache poisoning (33%). The 302 security professionals from six EMEA and US markets included in the survey were also asked about the damage caused by these incidents. Among those organizations targeted, 58% saw their businesses disrupted for over an hour, and 14% took several hours to recover. However, around one-third were able to recover within minutes.


Ransomware Hits U.S. Candymaker Ahead of Halloween

Permalink - Posted on 2021-10-21 15:00

A major U.S. candy company is struggling to fill orders before Halloween after ransomware hackers encrypted its systems. Ferrara, the Chicago-based manufacturer of candies like SweeTarts, Laffy Taffy, Nerds, Red Hots, Lemonhead candies, Boston Baked Beans, Atomic Fireballs, Pixy Stix and Everlasting Gobstoppers, has been able to resume production only “in select manufacturing facilities,” a spokesperson said in an emailed statement Wednesday.


Canada: Hackers Leak Police Takedown Video, Medical Records in Durham Region Breach

Permalink - Posted on 2021-10-20 14:00

A CTV News Toronto investigation has discovered that a data breach at the Durham Regional government is much larger than already known, including medical reports, complaints about medical treatment, and potential evidence in a criminal case. That data, including security camera video that shows a man’s arrest on a Durham Regional Transit bus by Toronto Police officers, is the kind of thing that should have been encrypted to protect privacy in case of a hostile cyberattack, says Ontario’s former information and privacy commissioner, Ann Cavoukian.


Organizations Lack Basic Cyber Security Practices to Combat the Growing Tide of Ransomware

Permalink - Posted on 2021-10-20 14:00

Organizations are not equipped to defend against ransomware due to deficiencies in implementing and sustaining basic cybersecurity practices, including managing privileged administrator credentials and ensuring visibility of supply chain risk, an Axio research report reveals. Overall, most organizations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include: Nearly 80% of organizations responded that they have not implemented or have only partially implemented a privileged access management solution; Only 36% of respondents indicated that they audit the use of service accounts, a type of privileged account, on a regular basis; Only 26% of respondents deny the use of command-line scripting tools (such as PowerShell) by default; 69% of organizations indicated that they do not limit access to the internet for their Windows domain controller hosts; Only 29% of respondents evaluate the cybersecurity posture of external parties prior to allowing them access to the organization’s network; Only 50% of respondents conduct user awareness training for employees on email and web-based threats, such as spear-phishing and watering hole attacks, on an annual basis.


Cyber Incident Impact Sits at Over $500,000 for Half of Small to Medium APAC Businesses

Permalink - Posted on 2021-10-20 14:00

51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according to a survey conducted by Cisco. Sampling 3,750 businesses employing between 10 and 999 employees in 14 countries around the region, Cisco said 83% reported an incident in excess of $100,000, and 13% had an incident cost more than $1 million. The survey was conducted between April and July. In Australia, where 306 qualifying businesses responded, the numbers were more stark, with 64% reporting an incident costing over $500,000, and 33% saying they were hit with more than $1 million in cost. For businesses that ran simulation exercises, Cisco said 85% of respondents found issues in their defences.


Acer Confirms Breach of Servers in Taiwan

Permalink - Posted on 2021-10-20 14:00

Taiwanese tech giant Acer has confirmed that, in addition to servers in India, hackers breached some of its systems in Taiwan. Acer initially confirmed that some of its servers in India had been hacked after a group called Desorden claimed to have stolen more than 60 gigabytes of data from Acer India. The hackers claimed to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and financial documents. Acer immediately confirmed the breach of its Indian servers, but described it as an isolated attack targeting its after-sales service systems in India.


Missouri Budget Officials Outline $50 Million Cost of Data Breach

Permalink - Posted on 2021-10-20 14:00

Help for roughly 100,000 teachers whose Social Security numbers were made vulnerable in a massive state data breach could cost Missouri as much as $50 million, the governor’s office confirmed Tuesday. The estimate includes the cost of credit monitoring and a call center to help affected teachers.


Data Breaches Reported by PracticeMax and UMass Memorial Health

Permalink - Posted on 2021-10-20 14:00

Anthem health plan members with End Stage Kidney Disease who are enrolled in the VillageHealth program have been notified that some of their protected health information has potentially been compromised in a ransomware attack. VillageHealth helps Anthem plan members through care coordination between the dialysis center, nephrologists, and providers and shares the results with Anthem via its vendor, PracticeMax. PracticeMax, a provider of business management and information technology solutions to healthcare organizations, identified the attack on May 1, 2021. The investigation revealed the attackers gained access to its systems on April 17, 2021, with access possible until May 5, 2021. PracticeMax said it regained access to its IT systems the following day. A forensic investigation of the attack confirmed one server was affected that contained protected health information (PHI) which may have been accessed and acquired by the attackers.


81% of U.K. Healthcare Organizations Hit by Ransomware in Last Year

Permalink - Posted on 2021-10-20 14:00

More than four-fifths (81%) of UK healthcare organizations suffered a ransomware attack in the last year, according to a new study by Obrela Security Industries. The survey of 100 cybersecurity managers in the health sector found that 38% of UK healthcare organizations have elected to pay a ransom demand to get their files back. However, 44% revealed they had refused to pay a demand but lost their healthcare data as a result. The study also examined the broader consequences of cyber-attacks on healthcare organizations. Close to two-thirds (64%) of respondents admitted their organization has had to cancel in-person appointments because of a cyber-attack. Even more worryingly, 65% believe that a cyber-attack on their systems could lead to loss of life.


England: Center for Computing History Exposes Customer Data

Permalink - Posted on 2021-10-20 14:00

The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed. The museum for computers and video games said it was notified that a unique email address used to book tickets via its website "has subsequently received a phishing email that looked like it came from HSBC." The Information Commissioner's Office was informed of the breach yesterday morning, confirmed receipt of the notification and is processing this.


VPN Provider's Misconfiguration Exposes One Million Users

Permalink - Posted on 2021-10-20 14:00

At least one million users of a Chinese-run VPN service have had their personally identifiable information (PII) exposed due to a misconfigured Elasticsearch server, Infosecurity can reveal. The privacy concern affects Quickfox, a free VPN used mainly by the Chinese diaspora to visit sites otherwise inaccessible from outside mainland China, according to reviews site WizCase. Unfortunately, Quickfox owner Fuzhou Zixun Network Technology had not adequately configured its Elastic Stack security, leaving an Elasticsearch server exposed and accessible, with no password protection or encryption enforced. The 100GB trove found by the researchers contained 500 million records, including PII on one million users and system data on 300,000 customers. WizCase told Infosecurity that the server has yet to be secured.


Kemper Proposes $17.6 Million Settlement of Data Breach Claims

Permalink - Posted on 2021-10-19 15:00

Kemper Insurance has proposed to settle a class action stemming from two data breaches in a deal valued at about $17.6 million. The dual breaches could have compromised the personal information of an estimated 6.1 million customers and employees. The breach incidents occurred on December 14, 2020 and March 25, 2021 and were announced by the insurer in March and May 25, 2021. The class action and settlement also involve Infinity Insurance Co., a subsidiary that sells nonstandard auto policies and was acquired by Kemper in 2018. Kemper offers home, life, auto, business, property and umbrella insurance. The settlement has been accepted by the plaintiffs but must still be approved by Judge Martha M. Pacold of the federal court for the Northern District of Illinois.


Hacker Steals Government ID Database for Argentina's Entire Population

Permalink - Posted on 2021-10-19 15:00

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities. This included details for the country’s president Alberto Fernández, multiple journalists and political figures, and even data for soccer superstars Lionel Messi and Sergio Aguero. A day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.


University Hospital Newark Notifies 9,000 Individuals About Historic Insider Data Breach

Permalink - Posted on 2021-10-19 15:00

University Hospital Newark (NY) has discovered the protected health information of thousands of patients has been accessed by a former employee without authorization over the course of a year. That information was subsequently disclosed to other individuals who were also not authorized to view the information. Insider breaches such as this are fairly common, although what makes this case stand out is when the access occurred. In its substitute breach notice, University Hospital Newark said the unauthorized access occurred between January 1, 2016, and December 31, 2017.


83% of Ransomware Victims Pay the Demand

Permalink - Posted on 2021-10-19 15:00

More than four in five (83%) ransomware victims in the last 12 months felt they had no option but to pay the extortion demand to restore their data, according to a new report by ThycoticCentrify. The study, which was based on a survey of 300 US IT business decision-makers, also found that close to two-thirds (64%) of companies were victims of ransomware attacks in the last 12 months. The latest research demonstrates rising ransomware cases and extortion payments since the start of the COVID-19 pandemic. These findings are particularly worrying given so many victim organizations didn't feel like they had any choice other than pay the demand once their data was encrypted, showing how effective this tactic is. The research further highlighted the substantial damage caused to organizations by ransomware attacks. Half (50%) of respondents said their company had experienced a loss of revenue and reputational damage from an attack, and 42% admitted they lost customers due to an attack. Additionally, around one-third attributed the ransomware attack as the cause for employee layoffs. The most vulnerable vectors for ransomware attacks are email (53%), applications (41%) and the cloud (38%), according to the IT business decision-makers surveyed.


Phishing Attack on Business Associate Affects Tens of Thousands of Professional Dental Alliance Patients

Permalink - Posted on 2021-10-18 14:00

Professional Dental Alliance, a network of dental practices affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual between March 31 and April 1, 2021. Professional Dental Alliance says the breach occurred at its vendor North American Dental Management. Steps were immediately taken to secure the affected accounts and prevent further unauthorized access. An investigation was launched which revealed several email accounts were accessed by an unauthorized individual after employees responded to phishing emails.


Popular Student Monitoring Software Could Have Exposed Thousands to Hacks

Permalink - Posted on 2021-10-18 14:00

A monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a September report by the security software company McAfee. The research, conducted by the McAfee Enterprise Advanced Threat Research team, discovered the bug in the Netop Vision Pro Education software, which is used by some 3 million teachers and students across 9,000 school systems globally, including in the U.S. The software allows teachers to monitor and control how students use school-issued computers in real time, block websites, and freeze their computer screens if they’re found to be off task. This is the second time in less than a year that McAfee researchers have found vulnerabilities in Netop’s education software—glitches that hackers could exploit to gain control over students’ computers, including their webcams and microphones. It’s unclear whether the software had been breached by anyone other than the researchers.


Sinclair TV Stations Crippled by Ransomware Attack

Permalink - Posted on 2021-10-18 14:00

Sinclair Broadcast Group has confirmed that it was hit by a ransomware attack over the weekend, as detailed in a press release and SEC filing. Sinclair also said attackers have stolen data from the company's network. Sources have told BleepingComputer that a ransomware attack caused these significant technical issues. The attackers have been able to impact many TV stations via Sinclair's corporate Active Directory domain.


Ransomware Stole $590m in the First Half of 2021

Permalink - Posted on 2021-10-18 14:00

Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone – more than the $416 million tracked in all of 2020, according to the US government’s Financial Crimes Enforcement Network (FinCEN). Total ransomware-related financial activity may have reached $5.2 billion.


3D Printing Site Thingiverse Suffers Major User Data Breach

Permalink - Posted on 2021-10-15 15:00

About 228,000 users of popular 3D printing platform Thingiverse have reportedly had their authentication details stolen and published on the dark web. The news of the leak doesn’t come from Thingiverse itself, but rather from Have I Been Pwned (HIBP), which got hold of the leaked details of the compromised accounts after receiving a tip last week.


Brazilian Insurance Giant Porto Seguro Hit by Cyber Attack

Permalink - Posted on 2021-10-15 15:00

The company reported the incident to the Securities and Exchange Commission (CVM) on Thursday (14), saying that it "promptly activated all security protocols" and that it has been gradually restoring its operating environment and working towards resuming normal business as soon as possible. The third largest insurance company in Brazil, Porto Seguro leads the car and residential insurance segments in Brazil and has around 10 million clients across its various business lines including credit provision. The company is the latest in a list of major Brazilian organizations suffering major security incidents over recent weeks. Earlier this month, CVC, one of the country's largest travel operators, was hit by a ransomware attack that brought its operations to a standstill.


70% of Businesses Can't Ensure the Same Level of Protection for Every Endpoint

Permalink - Posted on 2021-10-15 14:00

Deep Instinct research, which seeks to discover the cybersecurity concerns keeping CISOs and SecOps professionals up at night, found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organization's defenses. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure. When examining the challenges facing organizations in detecting threats present within the network, 24 percent of respondents cited the volume of false positives as being one of the biggest barriers, higher than the global average of 18 percent. However, 47% said that the lack of threat prevention specific to the volume of never-before-seen malware was the top concern.


Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

Permalink - Posted on 2021-10-15 14:00

Several U.S. government agencies issued a joint alert on Thursday to warn organizations in the water and wastewater sector about ongoing cyberattacks. The alert also describes three previously unreported ransomware attacks that impacted industrial control systems (ICS) at water facilities.


Olympus Investigates Potential Cyber Attack

Permalink - Posted on 2021-10-15 14:00

Olympus has launched an investigation after detecting a potential cybersecurity incident in part of its IT system. The Japanese manufacturer of optics and reprography products said that suspicious activity was spotted on October 10. The possible threat affects the company’s systems in the United States, Canada, and Latin America. Digital forensics experts are looking into the security issue, which Olympus said it is “working with the highest priority to resolve.” While the company has not confirmed the specific nature of the cybersecurity incident, Olympus said it was working to contain the threat. Part of the company’s response has been to shut down the systems that were affected.


Osteopathic Professional Group Reports Year-Old Breach

Permalink - Posted on 2021-10-15 14:00

The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the delayed identification of people affected by the data breach. In a breach report submitted on Wednesday to the state of Maine's attorney general office, AOA says the incident affected about 27,500 individuals, including 209 Maine residents. The Chicago-based non-profit professional association says it represents 151,000 osteopathic physicians and medical students across the U.S.


Accenture Confirms Data Breach After August Ransomware Attack

Permalink - Posted on 2021-10-15 14:00

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. This was revealed in the company's financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021. Even though Accenture has now confirmed that the attackers stole information from its systems and leaked it online, the company has not yet publicly acknowledged the data breach outside SEC filings or filed data breach notification letters with relevant authorities.


Missouri Teachers' Social Security Numbers Exposed on State Website

Permalink - Posted on 2021-10-14 15:00

The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.


Israeli Hospital Cancels Procedures Following Ransomware Attack

Permalink - Posted on 2021-10-14 15:00

Hillel Yaffe resorts to logging admissions with pen and paper while being unable to conduct non-urgent procedures. With patients being turned away, the Laniado Hospital in Netanya said it was coordinating with the Magen David Adom ambulance service and was ready to receive those who needed treatment that was not available at Hillel Yaffe due to the attack.


Thingiverse Data Leak Affects 228,000 Subscribers

Permalink - Posted on 2021-10-14 15:00

Thingiverse, a website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information, confirms Troy Hunt, creator of the Have I Been Pwned data breach notification service, citing the circulation of this data set on a popular hacking forum. After analyzing the data file from the hacking forum, Hunt tells Information Security Media Group that the backup file was dumped publicly exactly a year ago on Oct. 13, 2020, and has remained exposed ever since. He adds that the leaked data appears to be a MySQL database that contains more than 255 million lines of data. "The earliest date stamps in the data set appear to go back about a decade, however, I’ve not analyzed it closely enough," says Hunt. Hunt says of the leaked data, "There is data on the 3D models that are publicly accessible, but there are also email and IP addresses, usernames, physical addresses and full names."


7-Eleven Breached Customer Privacy by Collecting Facial Imagery Without Consent

Permalink - Posted on 2021-10-14 15:00

In Australia, the country's information commissioner has found that 7-Eleven breached customers' privacy by collecting their sensitive biometric information without adequate notice or consent. From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process: when the individual first engaged with the tablet, and after they completed the survey. After becoming aware of this activity in July last year, the Office of the Australian Information Commissioner (OAIC) commenced an investigation into 7-Eleven's survey. During the investigation, the OAIC found 7-Eleven stored the facial images on tablets for around 20 seconds before uploading them to a secure server hosted in Australia within the Microsoft Azure infrastructure. The facial images were then retained on the server, as an algorithmic representation, for seven days to allow 7-Eleven to identify and correct any issues, and reprocess survey responses, the convenience store giant claimed.


Acer Confirms Breach of After-Sales Service Systems in India

Permalink - Posted on 2021-10-14 15:00

Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "an isolated attack." While Acer didn't provide details regarding the attackers' identity behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer's servers. The allegedly stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. As proof, the threat actor provided a video showcasing the stolen files and databases, the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.


University of Sunderland Announces Outage Following Cyber Attack

Permalink - Posted on 2021-10-14 15:00

The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack. The first signs of disruption for the university’s IT systems appeared on Tuesday morning, and the issues remain widely impactful and unresolved. The attack appears to have taken down all telephone lines, the official website, the main email servers, library WiFi, on-premise PC/laptop access, printing, and all online portals that students use for accessing eBooks, journals, and other services.


Ransomware Attacks Preparedness Lagging, Despite Organizations Being Aware of the Risks

Permalink - Posted on 2021-10-13 15:00

Hornetsecurity released the results of a global study of IT professionals on their preparedness for ransomware attacks. Survey data showed that although companies are increasingly aware of the risks ransomware poses, many organizations lack proper protection and prevention measures. 1 in every 5 companies falls victim to ransomware attacks – Twenty-one percent of respondents indicated that their organization has suffered a ransomware attack, confirming that it remains one of the most prolific forms of cybercrime. In addition to system downtime, ransomware attacks can be costly. Attacks often require ransom payments, lengthy data recovery efforts, and long-term damage to companies’ reputations. Half of respondents indicated that their management team delegates cyber preparedness to its IT department – Although 86.9% of respondents indicated that their senior leadership team is aware of ransomware risks, nearly half reported that preparation and prevention measures are delegated to the company’s IT department. Because of the significant risks ransomware attacks pose, cyber protection and prevention policies should be company-wide priorities and not relegated to the IT department.


New Jersey: Settlement Reached with Fertility Clinic Over Cyber Security Lapses and Data Breach

Permalink - Posted on 2021-10-13 14:00

Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs today announced that a healthcare provider focused on the diagnosis and treatment of infertility will pay $495,000 and implement new data security measures following a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The settlement resolves the state’s investigation into Diamond Institute for Infertility and Menopause, LLC (“Diamond”), which is based in Millburn, Essex County. Diamond operates two healthcare practices in New Jersey (in Millburn and Dover) and one in New York, and offers consultation services in Bermuda. The data breach allowed multiple instances of unauthorized access to Diamond’s network between August 2016 and January 2017, giving at least one intruder access to consumer electronic protected health information (“ePHI”).


Verizon-Owned Visible Network Suffers Suspected Data Breach

Permalink - Posted on 2021-10-13 14:00

Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone.


350,000 Patients of ReproSource Fertility Diagnostics Affected by Ransomware Attack

Permalink - Posted on 2021-10-13 14:00

Marlborough, MA-based ReproSource Fertility Diagnostics has suffered a ransomware attack in which hackers gained access to systems containing the protected health information of approximately 350,000 patients. ReproSource is a leading laboratory for reproductive health that is owned by Quest Diagnostics. ReproSource discovered the ransomware attack on August 10, 2021 and promptly severed network connections to contain the incident. An investigation into the security breach confirmed the attack occurred on August 8. While it is possible that patient data was exfiltrated by the attackers prior to the deployment of ransomware, at this stage no evidence of data theft has been identified. A review of the files on the affected systems was completed on September 24 and revealed they contained the following types of protected health information: Names, phone numbers, addresses, email addresses, dates of birth, billing and health information (CPT codes, diagnosis codes, test requisitions and results, test reports and/or medical history information), health insurance or group plan identification names and numbers, and other information provided by individuals or by treating physicians. A small subset of individuals may have had driver’s license number, passport number, Social Security number, financial account number, and/or credit card number exposed.


Password-Stealing Attacks Surge 45% in Six Months

Permalink - Posted on 2021-10-13 14:00

Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according to Kaspersky. The Russian AV vendor analyzed incidents of Trojan-PSW – a specialized stealer capable of gathering login and other account information. It noted 160,000 more targets in September 2021 than April, with the total number reaching nearly half a million. That’s an increase of 45%.


Former Executive Accessed PHI of Nearly 38,000 Individuals

Permalink - Posted on 2021-10-13 14:00

Texas-based accountable care organization Premier Patient Healthcare, in a report filed on Friday to the Maine attorney general's office, described the June 2020 incident - discovered in April 2021 - as "insider wrongdoing, loss or theft of device or media (computer, laptop, external hard drive, thumb drive, CD, tape, etc.)." An attorney representing Premier declined Information Security Media Group's request for clarification about the incident, including whether the breach involved both a former company executive and a vendor, and whether the incident involved access to PHI contained on a mobile computing/storage device, as indicated in the report submitted to Maine's attorney general.


Customers on Alert as E-Commerce Player Leaks 1.7+ Billion Records

Permalink - Posted on 2021-10-13 14:00

A Brazilian e-commerce firm has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring an Elasticsearch server, according to researchers. A team at SafetyDetectives led by Anurag Sen made the discovery in June and quickly traced the leak back to Hariexpress — a firm that allows vendors to manage and automate their activity across multiple marketplaces, including Facebook and Amazon. Although the firm replied to the researchers just four days after they alerted it to the leak in early July, it was subsequently uncontactable. Infosecurity is currently trying to confirm if the issue has been fixed or not. The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF). SafetyDetectives could not confirm the total number of those affected due to the size of the trove and the potential for duplicate email addresses.


Over 90% of Firms Suffered Supply Chain Breaches Last Year

Permalink - Posted on 2021-10-12 15:00

Some 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the past year, according to BlueVoyant. The cybersecurity services company polled 1200 IT and procurement leaders responsible for supply chain and cyber-risk management from global companies with 1,000+ employees to compile its report: Managing Cyber Risk Across the Extended Vendor Ecosystem. It revealed the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase. Although the percentage of companies that don’t consider third-party risk a priority has fallen from 31% last year to 13% in 2021, the number who admit they have no way of knowing if an incident has occurred in their supply chain rose from 31% to 38%. In addition, while 91% of respondents said budgets were increasing this year to help tackle the risk, investments don’t seem to be making an impact.


Cyber Attack Shuts Down Ecuador's Largest Bank, Banco Pichincha

Permalink - Posted on 2021-10-12 15:00

Ecuador's largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack's spread to other systems. The shutdown of systems has led to widespread disruption for the bank, with ATMs no longer working and the online banking portals showing maintenance messages.


Quest-Owned Fertility Clinic Announces Data Breach After August Ransomware Attack

Permalink - Posted on 2021-10-12 15:00

Quest Diagnostics has informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company. The ransomware attack led to a data breach, exposing a significant amount of health and financial information for about 350,000 ReproSource patients. In a statement to ZDNet, Quest said ReproSource provided notice that it experienced a data security incident in which an unauthorized party may have accessed or acquired the protected health information and personally identifiable information of some patients.


Olympus U.S. Systems Hit by Cyber Attack Over the Weekend

Permalink - Posted on 2021-10-12 15:00

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021. The company did not disclose if customer or company data was accessed or stolen during the "potential cybersecurity incident," but said that it would provide new information regarding the attack as soon as it's available.


Ransomware Cost U.S. Companies Almost $21 Billion in Downtime in 2020

Permalink - Posted on 2021-10-12 15:00

An analysis of 186 successful ransomware attacks against businesses in the United States in 2020 has shown that the companies lost almost US$21 billion due to attack-induced downtime, according to technology website Comparitech. Compared to 2019, the number of disclosed ransomware attacks skyrocketed – by 245%. “Our team sifted through several different resources—specialist IT news, data breach reports, and state reporting tools—to collate as much data as possible on ransomware attacks on US businesses. We then applied data from studies on the cost of downtime to estimate a range for the likely cost of ransomware attacks to businesses,” Comparitech said explaining its approach. However, it did concede that the figures may be merely a scratch on the surface of the ransomware problem. On average, the affected companies lost nine days in downtime and it took them about two-and-a-half months to investigate the attacks and their impact on the company’s data and its systems. To put into context, Comparitech estimates that, when combined, ransomware attacks caused 340.5 days of downtime and a whopping 4,414 days of investigation. However, the downtimes varied, ranging from recovery efforts taking several months to minimal disruptions especially thanks to solid backup plans. Cybercriminals usually requested ransoms ranging from half a million dollars all the way up to US$21 million. Some attackers also upped the ante by carrying out double-extortion attacks, where they pilfer data from the victims’ systems before going on to encrypt them with ransomware. With researchers estimating that the average cost per minute of downtime is US$8,662 and adding in the reputational damage, it’s no wonder some companies are willing to pay the ransoms as a way to fix the problem quickly. Based on the estimate, the cost of downtime to American business was US$20.9 billion. 
The analysis also found that the ransomware attacks resulted in over 7 million individual records being pilfered and/or abused, an almost 800% increase compared to the previous years.


Engineering Company Weir Group Discloses Ransomware Hack

Permalink - Posted on 2021-10-11 14:00

Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. The attack took place in the second half of September and forced the company to isolate and shut down some of its systems, including “core Enterprise Resource Planning (ERP) and engineering applications.” The Glasgow, UK-based company says that, while the action it took to contain the incident was prompt and robust, some of the affected applications have not yet been fully restored.


New Mexico: Hospital Hacker Steals Patients’ Data

Permalink - Posted on 2021-10-11 14:00

The IT network of San Juan Regional Medical Center in Farmington was breached by an unauthorized individual in September last year. The attack was reported to the United States Department of Health and Human Services' Office for Civil Rights on June 4 as a network server security incident impacting 68,792 individuals. SJRMC undertook a manual review of the files that had been removed in the cyber-attack. The hospital discovered on July 13, 2021, that those files had contained "the personal and protected health information of certain patients."


Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise

Permalink - Posted on 2021-10-11 14:00

A US optometry group has disclosed a data breach related to unauthorized activity on internal email accounts. Oregon Eye Specialists, which runs six clinics throughout Portland, said the exposed data includes customers’ names and one or more of the following: dates of birth, dates of service, medical record numbers, financial account information, and health insurance provider names and/or policy numbers.


Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker

Permalink - Posted on 2021-10-11 14:00

Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. PCB’s internal investigation on what happened was concluded on September 7, 2021, and it revealed that ransomware actors had unfortunately obtained the following information from its systems: Loan application forms; Tax return documents; W-2 information of client firms; Payroll records of client firms; Full names; Addresses; Social Security Numbers; Wage and tax details


Data Breach Reports Rise as Supply Chain Attacks Surge

Permalink - Posted on 2021-10-11 14:00

The Identity Theft Resource Center, a nonprofit organization based in San Diego, says that in the first three quarters of this year, the number of publicly reported data breaches was 17% higher than what was seen for all of 2020. While the number of breach reports issued this year did decline from Q2 to Q3 by 9%, "the trendline continues to point to a record-breaking year for data compromises," it says. Blame breaches that trace to online attacks in particular. For the first three quarters of this year, ITRC saw a 27% rise in breaches attributed to online attacks - and especially due to phishing and ransomware - compared with all of 2020.


The Dallas Independent School District Breach Impacted Almost 800,000

Permalink - Posted on 2021-10-08 15:00

On September 3, this site reported on a breach involving Dallas ISD in Texas. As noted at the time, details were lacking. But now their external counsel has provided notification to the Maine Attorney General’s Office and so we now know more: The breach, which reportedly occurred on June 8, impacted 795,497 individuals.


Silicon Valley VC Firm Leaked "Deal Flow" Data

Permalink - Posted on 2021-10-08 15:00

A Silicon Valley venture capital firm that runs a matchmaking service linking investors with startups exposed 6GB of data, including deal flow information pertaining to investors and startups. The data belongs to Plug and Play Ventures, which is headquartered in Sunnyvale, California, and has offices around the world. Plug and Play helps startups get off the ground and match those companies with investors. The firm itself says it has benefited from early investments in PayPal and Dropbox. The leaked data appears to be a PostgreSQL database for Playbook.vc, a networking and deal flow application from Plug and Play.


Elekta Faces Class Action Lawsuit over Ransomware Attack and Data Breach

Permalink - Posted on 2021-10-08 15:00

A lawsuit has been filed on behalf of a former patient of Northwestern Memorial HealthCare (NMHC) against Elekta Inc. over its April 2021 ransomware attack and data breach. Elekta, a Swedish provider of radiation medical therapies and related equipment data services, is a business associate of many U.S. healthcare providers. Hackers targeted the company’s cloud-based platform that is used to store and transmit healthcare data and were able to access the platform between April 2 and April 20, 2021. The breach was detected when the hackers deployed ransomware.


BrewDog Exposed Data for Over 200,000 Shareholders and Customers

Permalink - Posted on 2021-10-08 15:00

The exposure lasted for over 18 months and the point of the leak was the firm’s mobile app, which gives the ‘Equity Punks’ community access to information, discounts at bars, and more. As detailed in a PenTestPartners report, the problem lies in the app’s API, and more specifically, its token-based authentication system. The security blunder comes from the fact that these tokens were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. As such, anyone was free to append any customer ID to the end of the API endpoint URL, and access sensitive PII (personally identifiable information) for that customer.


Engineering Firm Weir Hit by Major Ransomware Attack

Permalink - Posted on 2021-10-08 15:00

One of Scotland's biggest engineering firms has been hit by a hack of its IT systems, costing it millions of pounds. The ransomware attack on Glasgow-based Weir took place last month, forcing it to shut down some operations. In a statement, the mining equipment firm said it had reacted quickly to the "sophisticated" attack, but had been forced to delay shipments worth more than £50m in revenue. It estimated that the incident could cost it as much as £5m.


Almost 54,000 Patients Affected by OSF HealthCare Ransomware Attack

Permalink - Posted on 2021-10-07 15:00

The Peoria, IL-based not-for-profit Catholic health system OSF HealthCare has started notifying 53,907 patients about a cyberattack that was discovered on April 23, 2021. OSF HealthCare said upon discovery of the breach, steps were taken to prevent further unauthorized access and a third-party forensic investigator was engaged to conduct an investigation into the attack to determine the extent of the breach. The investigator confirmed the attackers first accessed its systems on March 7, 2021 and access remained possible until April 23, 2021. OSF HealthCare said the attackers accessed certain files on its system that related to patients of OSF HealthCare Little Company of Mary Medical Center and OSF HealthCare Saint Paul Medical Center. On August 24 it was determined the following types of patient data may have been compromised: Names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state/government ID numbers, treatment information, diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, and Medicare/Medicaid or other health insurance information. A subset of patients also had financial account information, credit/debit card information or credentials for an online financial account exposed.


Eskenazi Health Confirms Patient Data Was Stolen in August Ransomware Attack

Permalink - Posted on 2021-10-07 15:00

Indianapolis, IN-based Eskenazi Health has announced it was the victim of a ransomware attack that was detected on or around August 4, 2021. Suspicious activity was detected and the IT team immediately shut down systems to contain the attack. Emergency protocols were implemented, with staff reverting to pen and paper to record patient data. Without access to critical IT systems the decision was taken to go on diversion and ambulances were re-routed from Health & Hospital Corporation of Marion County to alternative facilities.


Ransomware Deployed 2 Minutes After Hackers Gained Access to Johnson Memorial Health's Network

Permalink - Posted on 2021-10-07 15:00

Johnson Memorial Health has announced it was the victim of a ransomware attack on October 1, 2021. The attack saw files encrypted, which crippled its IT systems. The attack on Johnson Memorial Health occurred at lightning speed. According to Dr. David Dunkle, President and CEO of Johnson Memorial Health, the hackers gained access to its IT systems at 10:31 p.m. on Friday night and deployed ransomware 2 minutes later at 10:33 p.m. The hospital’s IT department detected abnormal activity around 10:40 p.m. the same evening and shut down its network at 10:45 p.m. to minimize the damage caused. A ransom demand was issued by the attackers, but Dunkle says no payment has been made. An investigation is now underway to determine the extent of the encryption and which systems and files have been affected.


Texas: Ransomware Actor Tries to Pressure Allen ISD by Emailing Parents

Permalink - Posted on 2021-10-07 15:00

The malicious actors behind a ransomware attack against a school district in Texas attempted to extract payment this week with what one analyst said appears to be an entirely new tactic: emailing parents of students with a threat that if school officials do not pay up, their kids’ personal information may be published online.


U.S. Gov't to Sue Contractors Who Hide Breach Incidents

Permalink - Posted on 2021-10-07 15:00

Led by the Civil Division’s Commercial Litigation Branch, Fraud Section, the initiative will use the False Claims Act (FCA), which makes liable anyone who knowingly submits false claims to the government. A whistleblower provision in the Act allows private parties to identify and pursue fraudulent conduct. Whistleblowers benefit from protection and receive a significant part of any recovered funds. The Civil Cyber-Fraud Initiative aims to strengthen defenses and minimize the risk of intrusion on government networks due to poor cybersecurity practices from external partners.


91.5% of Malware Arrived Over Encrypted Connections During Q2 2021

Permalink - Posted on 2021-10-06 14:00

The latest report from WatchGuard shows an astonishing 91.5% of malware arriving over encrypted connections during Q2 2021. This is a dramatic increase over the previous quarter and means that any organization that isn’t examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware.


Squid Game Scenes Cut Over Data Exposure

Permalink - Posted on 2021-10-06 14:00

Netflix has axed some scenes from its hit show Squid Game because the phone numbers it featured turned out to be genuine and in use by people in the real world. The deletions were made after the owners of the phone numbers received thousands of text messages and phone calls from curious Squid Game fans located around the globe.


Fired IT Administrator Revenge-Hacks School by Wiping Data, Changing Passwords

Permalink - Posted on 2021-10-06 14:00

A 29-year-old wiped data on systems of a secondary school in the U.K. and changed the passwords at an IT company, in retaliatory cyber attacks for being fired. As a result of his actions, the school’s systems could no longer be accessed and remote learning was impacted at a time when pupils were at home due to the Covid-19 pandemic.


U.S. Clothing Brand Next Level Apparel Reports Phishing-Related Data Breach

Permalink - Posted on 2021-10-06 14:00

Next Level Apparel, a US clothing manufacturer and e-commerce operator, has alerted customers to a data breach connected to the compromise of employee mailboxes. “A limited number of employees’ email accounts” were compromised via phishing, which gave cybercriminals “access to the contents of the accounts at various times between February 17, 2021 and April 28, 2021,” said Next Level Apparel in a press release issued yesterday (October 5). This “resulted in unauthorized access to information contained in some email accounts, including names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information”.


ATO Attacks Increased 307% Between 2019 and 2021

Permalink - Posted on 2021-10-06 14:00

Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns. Specifically, the fraud ring, dubbed Proxy Phantom, used a massive cluster of connected, rotating IP addresses in carrying out automated credential stuffing attacks to hack user accounts on merchant websites. Using over 1.5 million stolen username and password combinations, the group flooded businesses with bot-based login attempts to conduct as many as 2,691 login attempts per second—all coming from seemingly different locations.


Hong Kong Firm Becomes Latest Marketing Company Hit with REvil Ransomware

Permalink - Posted on 2021-10-06 14:00

Hong Kong marketing firm Fimmick has been hit with a ransomware attack. Fimmick has offices in Hong Kong and across China, serving several high-profile clients like McDonalds, Coca-Cola, Shell, Asus and others. On Tuesday, it was discovered that REvil had breached Fimmick's databases and claimed to have data from a number of global brands. Lane shared screenshots showing REvil's threatening posts toward Fimmick that included information stolen from the company's website.


Massive Twitch Hack: Source Code and Payment Reports Leaked

Permalink - Posted on 2021-10-06 14:00

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.


Medtronic Urgently Recalls Insulin Pump Controllers Over Hacking Concerns

Permalink - Posted on 2021-10-06 14:00

Medtronic is urgently recalling remote controllers for insulin pumps belonging to the ‘MiniMed Paradigm’ family of products, due to severe cybersecurity risks. The controllers that should be returned to the vendor are models MMT-500 and MMT-503, used with Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. These devices were sold in the United States between August 1999 and July 2018, and it is estimated that there are 31,310 vulnerable units in use by diabetic patients in the country at the moment.


24% of Healthcare Employees Have Had No Security Awareness Training

Permalink - Posted on 2021-10-05 14:00

The security awareness training and phishing simulation platform provider KnowBe4 commissioned Osterman Research to conduct a survey on 1,000 U.S. employees to determine their level of knowledge about security threats and how much training they have been given. The findings of the survey were published in the KnowBe4 2021 State of Privacy and Security Awareness Report. The survey revealed employees are generally confident about password best practices but lacked confidence in other areas of cybersecurity such as identifying social engineering attacks. Only a minority understood threats such as phishing, even though phishing is one of the most common ways that hackers gain access to business networks and corporate data. Worryingly, less than half of respondents believed clicking a link in an email or opening an attachment could result in their mobile device being infected with malware, and 45% of respondents believe they do not need to implement additional cybersecurity safeguards because they do not work in the IT department.


The Telegraph Exposes 10 TB Database with Subscriber Information

Permalink - Posted on 2021-10-05 14:00

‘The Telegraph’, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases. The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers.


Cyber Attacks Disable IT Networks at 2 Indiana Hospitals

Permalink - Posted on 2021-10-05 14:00

Both hospitals in recent weeks have had to divert patients or postpone elective procedures as COVID-19 cases surged in the state, but so far neither has said whether patient care is being affected as they deal with the data security incidents. The two hospitals - Johnson Memorial Health in Franklin and Schneck Medical Center, located about 40 miles away in Seymour - are also the latest healthcare providers in Indiana to be hit with cyberattacks suspected to potentially involve ransomware. Indianapolis, Indiana-based Eskenazi Health, which operates a public healthcare system, was hit in early August with a ransomware attack that also involved the exfiltration of patient and employee data, some of which was later posted by hackers on the dark web.


Company That Routes Billions of Text Messages Quietly Says It Was Hacked

Permalink - Posted on 2021-10-05 14:00

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Syniverse, revealed in a filing dated September 27 with the U.S. Securities and Exchange Commission that an unknown "individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers." A former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records.


Barclays Hacked by Cyber Thieves Using Monzo Account

Permalink - Posted on 2021-10-04 14:00

Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported. The cyberattack comes on the heels of an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of being in violation of financial crime controls and anti-money laundering (AML) mandates.


Sandhills Shut Down by Ransomware Attack

Permalink - Posted on 2021-10-04 14:00

Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working. When users tried to visit websites hosted on Sandhills’ platform, they were greeted with a Cloudflare Origin DNS error page, indicating that Cloudflare is unable to connect to Sandhills’ servers. The outages are thought to be the outcome of a Conti ransomware attack.


LockBit 2.0 Ransomware Hit Israeli Defense Firm E.M.I.T. Aviation Consulting

Permalink - Posted on 2021-10-04 14:00

LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting Ltd. The threat actors claim to have stolen data from the company and are threatening to leak it on the group's dark web leak site if the company does not pay the ransom. It is not clear how the threat actors breached the company or when the security breach took place.


Ransomware Attack on Florida Behavioral Health Service Provider Affects 19,000 Individuals

Permalink - Posted on 2021-10-01 15:00

The Clearwater, FL-based non-profit behavioral health service provider Directions for Living was the victim of a ransomware attack on July 17, 2021. Upon detection of the attack, law enforcement was notified and third-party computer forensics experts were engaged to investigate the scope of the attack and assist with remediation efforts. The investigation concluded on August 30, 2021. A review of servers potentially accessed by the attackers confirmed they contained personal and protected health information of current and former clients, including names, addresses, dates of birth, Social Security numbers, diagnostic codes, claims information, insurance information, healthcare provider names, date of service, and certain health information. Directions for Living said its electronic medical record system was not affected and could not be accessed by the attackers and clients’ financial information was not stored on the affected servers.


Kansas: Pottawatomie County Pays Hackers to Restore Computer Systems After Cyber Attack

Permalink - Posted on 2021-10-01 15:00

Officials in Pottawatomie County say computer systems are slowly being restored after a ransom was paid to hackers. County officials say several of their servers were encrypted during a cyber attack on September 17, 2021. The county was able to resolve the attack by paying less than 10% of the hackers’ original demands. “The ransom was reduced by more than 90 percent from hackers’ original demand, an almost unheard-of outcome, every saved dollar of which is taxpayer revenue the county keeps to serve our citizens,” said County Administrator Chad Kinsley. The amount paid was not disclosed; however, WIBW-TV has filed an open records request to determine the specific amount that Pottawatomie Co. paid to resolve the ransomware attack.


Another Malaysia Carrier Allegedly Hacked and Data Exfiltrated

Permalink - Posted on 2021-10-01 15:00

Desorden Group, who recently claimed to have successfully breached ABX Express, has contacted DataBreaches.net to report yet another logistics firm breach. This time, the claimed victim is Skynet.com.my. Skynet is a carrier company in Malaysia that provides domestic and international carrier services. Desorden Group provided DataBreaches.net with proof of claim — a video taken showing Skynet’s folders, and some of the files within the folders. One file included 10,000 airwaybill records, while another .csv file contained information on 3,600 employees. Personal information in the files included names, date of birth, account numbers, phone numbers, address, email addresses, encrypted passwords but also passwords in plaintext, and more.


Former OnlyFans Employees Could Access Users' and Models' Personal Information

Permalink - Posted on 2021-10-01 15:00

Some former OnlyFans support staff employees still had access to users' data—including sensitive financial and personal information—even after they stopped working for the company used by sex workers to sell nudes and porn videos. According to a former OnlyFans employee who asked to remain anonymous because they feared retaliation, some ex-employees still had access to Zendesk, a popular customer service software used by many companies including OnlyFans, to track and respond to customer support tickets, long after leaving the company. OnlyFans uses Zendesk to respond to both users who post content and those who just pay to view that content. Motherboard was able to corroborate this with more than one former employee's access.


Neiman Marcus Data Breach Impacts 4.6 Million Customers

Permalink - Posted on 2021-10-01 15:00

Neiman Marcus disclosed that its 2020 data breach impacted about 4.6 million customers with Neiman Marcus online accounts. The personal information of these customers was potentially compromised during the incident. The bits of information include names, addresses, and contact information; usernames and passwords of Neiman Marcus online accounts; payment card numbers and expiration dates (although no CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and security questions of Neiman Marcus online accounts.


IKEA Admits Cameras Were Hidden in the Ceiling Above Warehouse Toilets

Permalink - Posted on 2021-10-01 15:00

IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet. Workers at the Swedish flat-pack furniture giant were concerned that they may have been spied on while in the bathroom. The discovery was made last week when the lights were switched off. A member of staff spotted what appeared to be a small red light between the panels of a suspended ceiling. When they investigated, they found the hidden camera. When they looked further, they found a number of other cameras above both the men's and ladies' toilets. One worker told the Peterborough Telegraph: "They were not wireless cameras, there is a whole network of cable." IKEA admitted they had been in place since 2015. The company did not say when they were last used.


Popular Android Apps with 142.5 Million Collective Installs Leak User Data

Permalink - Posted on 2021-10-01 15:00

CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations. Exposed data potentially includes users’ names, emails, usernames, and more.


Thousands Affected by Ransomware Attack on Hawaii Company

Permalink - Posted on 2021-10-01 15:00

About 4,500 customers of a Honolulu payroll processing company were potentially affected by a ransomware attack that exposed Social Security numbers, dates of birth, the full names of clients and bank account information. In mid-February, Hawaii Payroll Services LLC discovered its servers and databases had been breached by an unauthorized user. The prohibited access of the servers maintaining company information happened from Feb. 15 to 16, likely by someone "able to gain access to Hawaii Payroll's systems through a compromised client account and execute a privilege escalation attack that enabled the intruder to disable and remove security software and encrypt all data residing in Hawaii Payroll's servers," according to the company.


Ransomware Attack Disrupts Hundreds of Bookstores Across France, Belgium, and the Netherlands

Permalink - Posted on 2021-09-30 15:00

Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management. The incident, which took place earlier this week, has impacted bookstore chains such as Libris, Aquarius, Malperthuis, Donner, Atheneum Boekhandels, and others, according to reports from news outlets in France, Belgium, and the Netherlands. This resulted in a days-long downtime of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. The company told local news outlets on Wednesday that the entry point for the attack was a Windows-based server, that the attackers requested a huge ransom, and that it does not plan to pay.


Baby's Death Alleged to Be Linked to Ransomware

Permalink - Posted on 2021-09-30 15:00

A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack. As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16, 2019, without knowing that the hospital was entering its eighth day of clawing its way back from the attack. According to court filings, health records at the hospital – Springhill Medical Center, in Mobile, Ala. – were inaccessible. A wireless tracking system for locating medical staff was still down. And, in the labor-and-delivery unit, staff were cut off from the equipment that monitors fetal heartbeats, which are normally tracked on a large screen at the nurses’ station and in the delivery room.


Data Breaches Reported by Horizon House and Samaritan Center of Puget Sound

Permalink - Posted on 2021-09-29 15:00

Horizon House, Inc., a Philadelphia, PA-based provider of mental health and residential treatment services, has announced its IT systems have been hacked and the protected health information of 27,823 individuals has potentially been compromised. Suspicious activity was detected in its computer systems on March 5, 2021. An investigation was launched to determine the nature and scope of the breach, which revealed an unauthorized individual had access to its systems between March 2 and March 5, 2021. A review of files stored on the compromised systems was completed around September 3, 2021. The files contained protected health information such as names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, medical information, health insurance information, and medical claims information.


PHI of 29,000 Patients Exposed in McAllen Surgical Specialty Center Ransomware Attack

Permalink - Posted on 2021-09-29 15:00

McAllen Surgical Specialty Center in Texas has started notifying patients about a ransomware attack that was detected on May 14, 2021. Third-party computer forensics specialists were engaged to investigate the breach and determine the nature and scope of the attack. The investigators determined unauthorized individuals had gained access to certain computers and servers on May 12, 2021 and deployed ransomware. Unauthorized access to its network was blocked on May 14. A comprehensive analysis was conducted to determine the servers and computers that had been affected, and which had potentially been accessed by the hackers. On July 22, it was determined patient data had potentially been compromised in the attack. The affected computers and servers contained a range of patient information, with the types of exposed data varying from patient to patient. Data potentially affected included names, addresses, Social Security numbers, dates of service, health insurance information, provider name, patient numbers, and medical record numbers.


Mental Healthcare Providers Report Data Breaches

Permalink - Posted on 2021-09-29 15:00

Data breaches at two American mental healthcare providers may have exposed thousands of individuals’ personal health information (PHI). Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people might have been impacted by a cyber-attack that took place in the late winter. A review of the files compromised in the incident determined that the unknown cyber-attacker gained access to data including names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, and health insurance information.


More Than Two-Thirds of Organizations Are Targets of at Least One Ransomware Attack

Permalink - Posted on 2021-09-29 15:00

Most organizations are more concerned about ransomware than other cyber-threats. This is a key finding from the 2021 Global State of Ransomware Report by cybersecurity company Fortinet. Unveiled today, the survey also reveals that while the majority of organizations surveyed indicated they are well prepared for a ransomware attack, including employee cyber training, risk assessment plans and cybersecurity insurance, there was a clear gap in what many respondents viewed as essential technology solutions. Based on the technologies viewed as essential, organizations were most concerned about remote workers and devices, with Secure Web Gateway, VPN and Network Access Control amongst the top choices. While ZTNA is an emerging technology, it should be considered a replacement for traditional VPN technology. Most concerning, however, was the low importance given to segmentation (31%), a critical technology solution that prevents intruders from moving laterally across the network to access critical data and IP. Likewise, UEBA and sandboxing play a crucial role in identifying intrusions and new malware strains, yet both were lower on the list. Another surprise was secure email gateway at 33%, given phishing was reported as a common entry method of attackers.


Trucking Giant Forward Air Reports Ransomware Data Breach

Permalink - Posted on 2021-09-29 15:00

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. In December 2020, Forward Air suffered a ransomware attack by what was believed to be a new cybercrime gang known as Hades. This attack caused Forward Air to shut down its network, which led to business disruption and the inability to release freight for transport. An SEC filing by Forward Air states that the company lost $7.5 million of less than load (LTL) freight revenue "primarily because of the Company’s need to temporarily suspend its electronic data interfaces with its customers."


Navistar Confirms Data Breach Involved Employee Healthcare Information

Permalink - Posted on 2021-09-29 15:00

An investigation at US truck maker Navistar has revealed that a data breach on its systems exposed employee healthcare information. On June 7, Navistar filed 8-K papers with the US Securities and Exchange Commission, warning investors about the incident. The notification generated press coverage about the incident from Reuters and other outlets, as investigators continued to assess the scope and impact of the incident. By August 20, Navistar’s team had confirmed that attackers had “accessed and taken” the personal information of participants in its healthcare and life insurance plans. The potentially compromised data included the full names, addresses, dates of birth, and Social Security numbers of an unspecified number of Navistar employees past and present, according to an updated statement by Navistar on the breach.


Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts

Permalink - Posted on 2021-09-29 15:00

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. Launched in November 2020 by the Central Bank of Brazil, the country's monetary authority, Pix is a state-owned payments platform that enables consumers and companies to make money transfers from their bank accounts without requiring debit or credit cards. PixStealer, which was found distributed on Google Play as a fake PagBank Cashback service app, is designed to empty a victim's funds to an actor-controlled account, while MalRhino — masquerading as a mobile token app for Brazil's Inter bank — comes with advanced features necessary to collect the list of installed apps and retrieve PIN for specific banks.


Canada: Portpass App for Vaccines Accused of Exposing User Data

Permalink - Posted on 2021-09-28 15:00

Private proof-of-vaccination app Portpass exposed personal information, including the driver's licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured. On Monday evening, CBC News received a tip that the user profiles on the app's website could be accessed by members of the public. CBC is not sharing how to access those profiles, in order to protect users' personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver's licences and passports can easily be viewed by reviewing dozens of users' profiles. The information was not encrypted and could be viewed in plain text.


Colossus Ransomware Hits Automotive Company in the U.S.

Permalink - Posted on 2021-09-28 15:00

A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox. Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data. The cybercriminals, who were demanding $400,000 to be paid in exchange for the decryption key, have directed the victim to contact them via a “support page” on a custom domain.


Class Action Lawsuits Filed Against San Diego Health Over Phishing Attack

Permalink - Posted on 2021-09-28 15:00

Multiple class action lawsuits have been filed against the Californian healthcare provider San Diego Health over a data breach involving the protected health information of 496,949 patients. On March 12, 2021, San Diego Health identified suspicious activity in employee email accounts and launched an investigation. On April 8, 2021, it was determined multiple email accounts containing patients’ protected health information had been accessed by unauthorized individuals between December 2, 2020 and April 8, 2021. A review of the compromised email accounts confirmed them to contain protected health information such as names, addresses, dates of birth, email addresses, medical record numbers, government ID numbers, Social Security numbers, financial account numbers, and health information such as test results, diagnoses, and prescription information.


69% of All Malware Is Ransomware

Permalink - Posted on 2021-09-28 15:00

Eighty-seven percent of ransomware attacks were aimed at servers, network equipment, and computers; in Q1, it was 71%. Financially motivated attacks accounted for a whopping 59%. In Q2 2021, ransomware attacks increased to 69% from 63% in the previous quarter. The most common targets include education, medical, government, industrial, and scientific firms and institutions. A report by Cybereason states that 80% of organizations that paid a ransom were targeted for a second time. Among those, 46% surmised that they were attacked by the same threat actor.


Bandwidth.com Is Latest Victim of DDoS Attacks Against VoIP Providers

Permalink - Posted on 2021-09-28 15:00

Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days. Earlier this month, VoIP provider VoIP.ms suffered a catastrophic week-long DDoS attack that took down almost all of their services and portals, leaving their customers without voice services. The VoIP.ms attack was an extortion DDoS attack where threat actors impersonating the ransomware group 'REvil' initially demanded one bitcoin ($45,000) to halt their attacks but later increased it to 100 bitcoins ($4.5 million).


U.K. Umbrella Payroll Firm GiantPay Confirms Cyber Attack

Permalink - Posted on 2021-09-28 15:00

Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a "sophisticated" cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed. The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to shut down its whole network, including its phone and email systems, as well as its IT infrastructure. It said last night it was still working on a "technical issue that is preventing us from getting the giant umbrella and giant accounts portals back up and running." The incident blew up last week when contractors, many of whom work in IT, were unable to contact the company or carry out payroll-related tasks.


3.8 Billion Users' Combined Clubhouse, Facebook Data Up for Sale

Permalink - Posted on 2021-09-27 15:00

On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn’t have much value on the underground market. In fact, the numbers were eventually dumped in a hacker forum for free. But an enterprising threat actor has reportedly combined those phone numbers with 533 million Facebook profiles leaked last April and is selling that enhanced trove of personally identifiable information (PII) to the highest bidder on the underground market. According to CyberNews, the combined Clubhouse-Facebook database includes names, phone numbers and other data, and is listed on an underground forum for $100,000 for all 3.8 billion entries, with smaller chunks of data available for less. Reportedly, the seller is still looking for buyers.


Vice Society Ransomware Gang Attacks United Health Centers of San Joaquin Valley

Permalink - Posted on 2021-09-27 15:00

The Vice Society ransomware gang claims to have conducted a ransomware attack on the California healthcare provider United Health Centers of San Joaquin Valley. United Health Centers operates more than 20 community health centers in Fresno, Kings, and Tulare counties. The cyberattack has yet to appear on the HHS’ Office for Civil Rights Breach Portal or the website of the California Attorney General, and United Health Centers has not published any notification on its website at the time of writing. Under HIPAA, regulated entities have up to 60 days to issue notifications about a data breach. Bleeping Computer reports the Vice Society gang has already leaked data allegedly obtained in the attack on its data leak website, some of which contains patients’ protected health information (PHI). Databreaches.net has reviewed some of the dumped files and confirmed they contained PHI such as names, dates of birth, insurance information, dates of service, diagnostic codes, and treatment and service codes, along with a folder containing files of patients who had fallen into arrears on their accounts and were referred to debt collection agencies in 2012. Some of those files included patients’ Social Security numbers, diagnosis information, and other types of PHI.


Data Breaches Reported by Vista Radiology, Indian Creek Foundation & Mankato Clinic

Permalink - Posted on 2021-09-27 15:00

Knoxville, TN-based Vista Radiology has notified 3,634 patients about a ransomware attack experienced on July 11, 2021, which took part of its network offline. A leading computer forensics firm was engaged to conduct a full investigation into the attack. The initial investigation appeared to suggest the sole purpose of the attack was to encrypt its systems, and that data exfiltration was not involved. However, Vista Radiology was informed on July 15 that some evidence had been found that files or folders containing patient data had been accessed and viewed. The investigation confirmed files were encrypted in the evening of July 10 with a subset of those files accessed prior to encryption.


Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack

Permalink - Posted on 2021-09-27 15:00

According to a recent survey conducted by the Ponemon Institute, more than one fifth (22%) of healthcare organizations said patient mortality increased after a ransomware attack. Ransomware attacks on healthcare providers often result in IT systems being taken offline; phone and voicemail systems can be disrupted, emergency patients are often redirected to other facilities, and routine appointments are commonly postponed. The recovery process can take several weeks, during which time services continue to be disrupted. While some ransomware gangs have a policy of not attacking healthcare organizations, many ransomware operations target healthcare. For instance, the Vice Society ransomware operation has conducted around 20% of its attacks on the healthcare sector and attacks on healthcare organizations have been increasing. During the past 2 years, 43% of respondents said their organization had suffered a ransomware attack, and out of those, 67% said they had one while 33% said they had more than one.


Mexico: El Instituto Nacional de Medicina Genómica (Inmegen) Hit by Cyber Attack

Permalink - Posted on 2021-09-27 15:00

The same group of threat actors who recently hit the South African National Space Agency (SANSA) are now claiming to have hit a Mexican government health agency that is involved in COVID testing or research: El Instituto Nacional de Medicina Genómica. Limited data has been publicly dumped so far, but it appears to include a database called “COVID” that has a number of tables relating to collection of information on COVID-19 patients. One table, as an example, includes 400 records with fields like name, age, date of birth, email, phone, and other details. Other files in the dump contain testing results on named patients.


Two in Three Indian SMBs Paying Just Under $500,000 per Cyber Attack

Permalink - Posted on 2021-09-27 15:00

A new study by Cisco titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense shows that small and medium-sized businesses (SMBs) in India are exposed, under attack, and more worried about cybersecurity threats than before. According to the study, three in four (74%) SMBs in India suffered a cyber incident in the past year, resulting in 85% losing customer information to malicious actors, in addition to a tangible impact on business. More than half (62%) of SMBs in India that suffered cyber incidents in the past 12 months said that cyber-attacks cost their business more than INR 3.5 crore. Of these, 13% say that the cost was over INR 7 crore.


K and B Surgical Center & Healthpointe Medical Group Notify Patients of Hack

Permalink - Posted on 2021-09-24 15:00

K and B Surgical Center in Beverly Hills, CA has discovered an unauthorized individual gained access to its computer network. The security breach was detected on March 30, 2021, with the third-party forensic investigation confirming its network was compromised between March 25 and March 30. Upon discovery of the breach, steps were taken to prevent further unauthorized access and an investigation was launched to determine the extent of the breach. The investigation concluded on April 27, 2021 that the attacker gained access to parts of the network that contained the protected health information of patients.


Email Breaches Reported by Eastern Los Angeles Regional Center

Permalink - Posted on 2021-09-24 15:00

Eastern Los Angeles Regional Center has discovered the email account of an employee has been accessed by an unauthorized individual. Suspicious activity was detected in the email account on July 15, 2021. A password reset was performed to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach. It was confirmed that the account was accessed for a limited period of time on July 15, 2021 and that the email account contained the protected health information of 12,921 individuals, including first and last names, Social Security numbers, ELARC-issued client identifier numbers, Tax ID numbers, medical histories, treatment or diagnosis information, and health insurance information.


Indiana: Carmel Clay Schools Notifying 15,817 After Compromise of Employee Email Accounts

Permalink - Posted on 2021-09-24 15:00

An investigation revealed that there had been unauthorized access between February 15 and February 24. It took the district, working with third-party forensic specialists, until August 31 to determine everyone who may have had personal information in the compromised accounts. On September 20, letters went out to 15,817 people who had their personal information in those compromised email accounts.


S. African Debt Firm Exposes Millions of South Africans to Harm After Data Breach

Permalink - Posted on 2021-09-24 15:00

More than a million South African citizens have potentially had their personal data exposed after a ransomware attack at a debt recovery services firm. The company in question, Debt-IN Consultants, confirmed this week (September 22) that it had been the victim of a cyber-attack which resulted in a “significant data breach” of consumer and employee personal information. More than 1.4 million South Africans are suspected to have been impacted by the incident, after Debt-IN says their data was illegally accessed from servers in April this year. Compromised information may include customer names and contact details, employment and salary information, and debt-related information including payments and balance owed to Debt-IN.


Virginia: Greensville County Public Schools Hit by Grief Threat Actors

Permalink - Posted on 2021-09-24 15:00

Grief threat actors have added another K-12 district to their list of victims who have refused to pay their ransom demands. Greensville County Public Schools in Emporia, Virginia was added to Grief’s dark web leak site on September 21. But by September 15, the district had already disclosed that they were dealing with a cyberware attack.


Illinois Discloses Breach Involving Access Control to Illinois Integrated Eligibility System

Permalink - Posted on 2021-09-23 15:00

KHQA reports that ten months after a data breach involving the Illinois Integrated Eligibility System (IES), the state is now disclosing the incident.


E.U. Chief Announces Cyber Security Law for Connected Devices

Permalink - Posted on 2021-09-23 15:00

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society. Bart Groothuis, the lawmaker leading on the NIS2 file in the European Parliament, emphasises the complementarity of the two EU laws. While NIS2 addresses the security of critical supply chains, he says connected devices are a blind spot in the EU cybersecurity arsenal.


African Bank Warns of Data Breach with Personal Details Compromised

Permalink - Posted on 2021-09-23 15:00

African Bank has confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by cybercriminals in April 2021. At the time, expert security advice concluded that there was no evidence that the ransomware attack had resulted in a data breach – however, Debt-IN is now aware that the personal data of certain customers, including a number of African Bank Loan customers under debt review, has been compromised.


More Afghan Citizens' Data Exposed in Second MoD Breach

Permalink - Posted on 2021-09-23 15:00

The UK’s Ministry of Defence (MoD) has reportedly suffered a second data breach that has exposed details of more Afghan citizens who may be at risk of reprisals from Taliban forces. Earlier this week, the government department was forced to apologize for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces during the allied occupation of the country. This included their email addresses, names and LinkedIn profile images, putting them at risk of reprisals from the Taliban, who recently retook control of Afghanistan 20 years after being ousted by British and US forces. A second data breach involving Afghan citizens who may be eligible to relocate to the UK has now been uncovered by the BBC, who revealed MoD officials sent an email earlier this month that mistakenly copied in dozens of people. This displayed the email addresses and some names of 55 Afghanis, including those from the Afghan National Army. The email informed the recipients that UK relocation officials had been unable to contact them and requested updated details.


DDoS Attacks Increased 11% in 1H 2021, Fueling a Global Security Crisis

Permalink - Posted on 2021-09-23 15:00

NETSCOUT announced findings from its report that underscore the dramatic impact cyberattacks continue to have on private and public organizations and governments worldwide. In the first half of 2021, cybercriminals launched approximately 5.4 million Distributed Denial of Service (DDoS) attacks, increasing 11% over 1H 2020 figures. Additionally, data projections point to 2021 as another record-setting year on track to surpass 11 million global DDoS attacks. This long tail of attacker innovation is expected to last, fueling a growing cybersecurity crisis that will continue to impact public and private organizations.


Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

Permalink - Posted on 2021-09-23 15:00

More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. "There was no need for a password or login credentials to see this information, and the data was not encrypted," the researchers said in an exclusive report shared with The Hacker News. The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients' names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021.


Ransomware Attack Levels Soaring, Now Accounting for 69% of All Attacks Involving Malware

Permalink - Posted on 2021-09-23 15:00

Ransomware attacks have reached ‘stratospheric’ levels in Q2 2021, now accounting for 69% of all attacks involving malware. That is among the most disturbing findings in the latest report from Positive Technologies. The research also reveals that the volume of attacks on governmental institutions in particular soared from 12% in Q1 2021 to 20% in Q2. And the company’s Expert Security Center during the quarter discovered the emergence of B-JDUN, a new RAT used in attacks on energy companies, and Tomiris, new malware that comes with functions for gaining persistence and can send encrypted information about the workstation to an attacker-controlled server.


ANZ Reports a 73% Year-on-Year Increase in Scams for the First Eight Months of 2021

Permalink - Posted on 2021-09-23 15:00

Australia and New Zealand Group (ANZ) chief executive Shayne Elliot has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams. In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliot highlighted that for the first eight months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year. Over the same period, ANZ retail customers sent AU$77 million to scammers, of which the bank was able to claw back almost AU$19 million, Elliot said.


More Than 1 in 3 People Have Tried to Guess Someone Else's Password: 3 in 4 Succeed

Permalink - Posted on 2021-09-22 15:00

New York, NY-based digital identity firm Beyond Identity spoke with 1,015 people in the US to learn more about their password-making strategies and how they generally conduct themselves in regards to online safety. Many of us already share our account passwords. Over half of us (50.1%) share our video streaming account, and almost as many share our music streaming accounts (44.9%). One in four of us (25.7%) share passwords to our online banking. On average, we share three of our passwords with other people. The study revealed that many people try to guess others' passwords and are often successful. Over 73% managed to guess someone's passwords. Over half (51.6%) try to guess their romantic partner's passwords, and almost one in four (24.6%) try to guess their child's password. Over one in five (22%) try to guess their co-worker's password, and one in five (19.9%) try to guess their ex-partner's or boss' password. The most common tactic is using information known about the other person (39.2%), while 18.4% check the person's social media profiles to try and guess. Over two in five (43.7%) try to guess passwords for personal email accounts, and almost one in three (32.6%) try to guess phone passwords.


Kansas: Pottawatomie County Cyber Attack Encrypts Multiple Servers

Permalink - Posted on 2021-09-22 15:00

Officials in Pottawatomie County are assessing the extent of a cyber attack discovered last week. Pottawatomie Co. Public Information Officer Becky Ryan confirms that county IT staff discovered an active cyber attack on Friday, September 17. Ryan says the breach encrypted multiple servers, which prevented access to many systems used every day. Those specific systems were not identified.


Half of Web Owners Don't Know If Their Site Has Been Attacked

Permalink - Posted on 2021-09-22 15:00

Nearly half of US website owners have so little insight into third-party code that they can’t say definitively if their site has suffered a cyber breach, according to new research from PerimeterX. According to the vendor, the challenge for these firms is the extensive use of third-party sources for code, many of which obtain their code in turn from other third parties. It claimed that 99% of firms use this extensive software supply chain for web functionality, including ad tracking, payments, customer reviews, chatbots, tag management, social media integration, and helper libraries that simplify common functions. What’s more, almost 80% of respondents said that these third-party scripts and open source libraries account for 50-70% of the capability in their website. The organizations polled recognized the potential risks involved in severe attacks on their web infrastructure, citing damage to brand and corporate reputation, loss of future revenue and potential lawsuits as potentially “huge” or “major” problems. However, 48% could not say whether their site had been attacked, up from 40% in 2020. PerimeterX argued that shadow code — scripts and libraries added without IT oversight or security vetting — is a challenge that could introduce hidden risks to the organization. Although respondents claimed to understand shadow code, only a quarter (25%) said they perform a security review for every script modification, and only a third (33%) automatically detect potential problems.


Vermont Radio Stations Dealing with Fallout from Cyber Attack

Permalink - Posted on 2021-09-22 15:00

Marketron is a national company that helps companies manage their advertisements using automation to make a once lengthy process much faster. But a cyberattack launched by the Russian outfit BlackMatter is impacting thousands of Marketron’s customers, including several stations in Vermont. Marketron says they are in talks with the Russian hackers at BlackMatter as well as the FBI to help rectify the situation as quickly as possible.


Ukrainian Hackers Hit Michigan Health Company with Ransomware

Permalink - Posted on 2021-09-22 15:00

A health care company with several locations throughout Monroe County was the target of a sophisticated cyber attack and is advising those potentially impacted to monitor their financial credit data. Earlier this month, Family Medical Center of Michigan contacted its customers to advise them of a data breach that occurred July 2020. A group of hackers based in Ukraine targeted the company in a ransomware attack, taking control of the company's financial files and encrypting them so employees would be unable to access patients' financial information. The hackers demanded FMC officials pay a sum of $30,000 to unlock those files. The company complied with the demand, said Ed Larkins, CEO of FMC.


Ransomware Victims Panicked While FBI Secretly Held REvil Decryption Key

Permalink - Posted on 2021-09-22 15:00

For three weeks during the REvil ransomware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses. The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post. Instead, REvil went dark on July 13 before the FBI could step in. For reasons that haven’t been explained, the FBI didn’t cough up the key until July 21.


Second Farming Cooperative Shut Down by Ransomware This Week

Permalink - Posted on 2021-09-22 15:00

Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. At this time, it is not known what ransomware operation is behind the attack. BleepingComputer contacted Crystal Valley yesterday about the attack but has not heard back.


Microsoft Exchange Autodiscover Bugs Leak 100,000 Windows Credentials

Permalink - Posted on 2021-09-22 15:00

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.


Afghan Interpreters' Data Exposed in MoD Breach

Permalink - Posted on 2021-09-21 15:00

The United Kingdom's Ministry of Defense has apologized for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces. The email – in which the interpreters' email addresses, names, and some linked profile images were exposed – was sent by the team in charge of the UK's Afghan Relocations and Assistance Policy (ARAP) to Afghan interpreters who have either left Afghanistan or who remain in the country.


Hacker Steals $12 Million from DeFi Platform

Permalink - Posted on 2021-09-21 15:00

Wrapped Bitcoin worth more than $12m has been stolen from the decentralized finance protocol pNetwork. The cross-chain project announced the theft of 277 BTC on September 19 via Twitter, ascribing the hack to a codebase vulnerability. The theft was executed on Binance Smart Chain, which featured in the biggest ever DeFi heist in history – the $610m Poly Network hack that took place in August.


Marketron Marketing Services Hit by Blackmatter Ransomware

Permalink - Posted on 2021-09-21 15:00

On Monday, Marketron announced the incident saying that it was dealing with a “cyber event” that disrupted some of its business operations and impacted all its customers. “Currently, all Marketron services are offline,” the company announced, adding that the attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange, and Advertiser Portal services. The BlackMatter ransomware is believed to be a rebrand of the DarkSide ransomware operation, which shut down after attacking Colonial Pipeline in May.


BlackMatter Hits Grain Cooperative with Ransomware Attack

Permalink - Posted on 2021-09-20 15:00

Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said.


France: CMA CGM Hit by Another Cyber Attack

Permalink - Posted on 2021-09-20 14:00

CMA CGM has been hit by another cyber attack, just under one year since its last big breach. The French containerline told customers today that it had suffered a leak of data on limited customer information involving first and last names, employer, position, email address and phone number. CMA CGM said its IT teams have immediately developed and installed security patches.


Pennsylvania: Horizon House Notifying Patients of Ransomware Attack in March

Permalink - Posted on 2021-09-20 14:00

"The following types of information were present in the impacted systems and therefore potentially viewed or acquired by the unknown actor during this incident: name, address, Social Security number, driver’s license and/or state identification card number, date of birth, financial account information, medical claim information, medical record number, patient account number, medical diagnosis, medical treatment information, medical information, health insurance information, and medical claim information. Horizon House is unaware that any of the information was misused or disseminated by the unknown actor and is therefore providing this notice in an abundance of caution."


Epik Data Breach Impacts 15 Million Users, Including Non-Customers

Permalink - Posted on 2021-09-20 14:00

Epik has now confirmed that an "unauthorized intrusion" did in fact occur into its systems. The announcement follows last week's incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company's initial response to the data breach claims, Anonymous had altered Epik's official knowledge base, as reported by Ars. Turns out, the leaked data dump contains 15,003,961 email addresses belonging to both Epik's customers and non-customers, and not everyone is pleased with the news. This occurred as Epik had scraped WHOIS records of domains, even those not owned by the company, and stored these records. In doing so, the contact information of those who have never transacted with Epik directly was also retained in Epik's systems.


Data of 106 Million Visitors to Thailand Breached

Permalink - Posted on 2021-09-20 14:00

A British cybersecurity researcher stumbled across his own personal data online after discovering an unsecured database containing the personal information of millions of visitors to Thailand. Bob Diachenko, leader of cybersecurity research at Comparitech, found the unprotected Elasticsearch database on August 22, 2021. Inside the 200GB digital index were records dating back ten years containing the personal details of more than 106 million international travelers. Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.


Hacked Simon Eye Management Email Accounts Contained PHI of More Than 144,000 Patients

Permalink - Posted on 2021-09-20 14:00

Wilmington, DE-based Simon Eye Management has suffered a breach of its email environment and hackers potentially gained access to the protected health information of 144,373 patients. A comprehensive review was conducted to identify patients whose PHI was contained in emails and email attachments. The review confirmed the following types of patient data were present in the accounts: name, medical history, treatment/diagnosis information, health information, health insurance information, and insurance application and/or claims information. A subset of individuals also had their Social Security number, date of birth, and/or financial account information exposed.


EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data

Permalink - Posted on 2021-09-20 14:00

Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. A report from security researcher Bob Diachenko in partnership with Clario Tech reveals that EventBuilder exposed more than one million CSV and JSON files with personal information belonging to registrants to events through Microsoft Teams. Publicly exposed details included full names, email addresses, company names and registrant’s position, phone numbers, and questionnaire feedback. The data was discovered using the Grayhat Warfare search engine.


Netherlands: Scoupy Warns of Data Breach

Permalink - Posted on 2021-09-20 14:00

The Dutch cashback app Scoupy warned of a data breach affecting its 2 million customers. Personal information such as name, address, place of residence, phone number, email address, date of birth, receipt and encrypted password, and encrypted bank account number (IBAN) appears to have been stolen.


Update: Dotty Data Breach of PII/PHI Information Confirmed

Permalink - Posted on 2021-09-17 15:00

The breach involved customer driver's license numbers, passport numbers, financial account and routing numbers, taxpayer identification numbers and credit card numbers, as well as expiration dates.


Alaska Department of Health Reveals Data Breach

Permalink - Posted on 2021-09-17 15:00

The Alaska Department of Health and Social Services (DHSS) has warned that a “highly sophisticated” cyber-attack may have exposed residents’ personal data, including financial information. Before systems were shut down attackers potentially had access to full names, dates of birth, Social Security numbers, addresses, phone numbers, driver’s license numbers, health information, and financial information. Internal identifying numbers such as for Medicaid or case reports, and historical information concerning individuals’ interaction with DHSS were also potentially exposed.


New York: Yonkers Attacked by Ransomware But Refuses to Pay Ransom

Permalink - Posted on 2021-09-17 15:00

Government employees at the City of Yonkers were denied access to their computers last week, after cyber criminals launched a ransomware attack. The city said that it refused to pay the ransom and would restore as much data as possible from backups. In the meantime, employees have been doing as much work as possible manually. This often means keeping pen and paper records that are transferred into databases when the systems are back online.


Cyber Attack Led to IT Outage at 8 Texas Cancer Clinics: 36,000 Exposed

Permalink - Posted on 2021-09-17 15:00

The cancer treatment network, which has eight locations, discovered Aug. 4 that hackers had deployed malware onto its systems, according to an Aug. 27 news release. The chain of cancer centers immediately shut down its IT network and law enforcement was contacted. Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. Its experts worked daily to fully restore its IT systems and restore operations, according to an Aug. 27 data breach notification letter.


Cryptocurrency Launchpad Hit by $3 Million Supply Chain Attack

Permalink - Posted on 2021-09-17 15:00

In a Twitter thread today, SushiSwap CTO Joseph Delong announced that an auction on MISO launchpad had been hijacked via a supply chain attack. An "anonymous contractor" with the GitHub handle AristoK3 and access to the project's code repository had pushed a malicious code commit that was distributed on the platform's front end. A rogue contractor AristoK3 pushed malicious code commit 46da2b4420b34dfba894e4634273ea68039836f1 to Sushi's "miso-studio" repository. As the repository appears to be private, GitHub is throwing a 404 "not found" error to those not authorized to view the repository. So how did the "anonymous contractor" get access to the project repository in the first place? Surely there must be a vetting process somewhere at SushiSwap.


Britain: Banks Slammed for Low Fraud Reimbursement Rates

Permalink - Posted on 2021-09-16 15:00

The UK’s high street banks have been called out for “shockingly low” reimbursement rates for Authorized Push Payment (APP) fraud. APP fraud is an increasingly popular type of scam in which the fraudster — posing as a trusted entity such as a family member or business — tricks the victim into transferring money to a bank account under their control. It cost an estimated £479m in 2020. Until a voluntary banking code of conduct was recently introduced, victims had no recourse to reclaim funds because they technically initiated the payment. When the code was rolled out 14 months ago — in combination with pop-up warnings online if payee names and account details don’t match — it was hoped things would change. However, that doesn’t appear to have been the case, according to consumer rights group 'Which?.'


HP Omen Hub Exposes Millions of Gamers to Cyber Attack

Permalink - Posted on 2021-09-16 16:00

Millions of devices running the HP Omen Gaming Hub were using a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw (CVE-2021-3437) from researchers from SentinelLabs details how the gaming software was built in part by copying code from a problematic open-source driver called WinRing0.sys.


Customer Care Giant TTEC Hit by Ransomware

Permalink - Posted on 2021-09-16 15:00

On Sept. 14, KrebsOnSecurity heard from a reader who passed on an internal message apparently sent by TTEC to certain employees regarding the status of a widespread system outage that began on Sunday, Sept. 12. TTEC’s own message to employees suggests the company’s network may have been hit by the ransomware group “Ragnar Locker,” (or else by a rival ransomware gang pretending to be Ragnar). The message urged employees to avoid clicking on a file that suddenly may have appeared in their Windows start menu called “!RA!G!N!A!R!”


FTC: Health App and Connected Device Makers Must Disclose Data Breaches

Permalink - Posted on 2021-09-16 15:00

The Federal Trade Commission approved a policy statement Wednesday that warns makers of health apps and connected devices that collect health-related information to comply with a decade-old data breach notification rule. The policy is part of a shift towards more aggressive enforcement on technology issues at the agency under the leadership of Chair Lina Khan, who signalled more scrutiny of data-based ecosystems connected to such apps and devices may be down the line.


India Reported 11.8% Rise in Cyber Crime in 2020

Permalink - Posted on 2021-09-16 15:00

India recorded 50,035 cases of cyber crime in 2020, with an 11.8 per cent surge in such offences over the previous year, as 578 incidents of "fake news on social media" were also reported, official data showed on Wednesday. The rate of cyber crime (incidents per lakh population) also increased from 3.3 per cent in 2019 to 3.7 per cent in 2020 in the country, according to the National Crime Records Bureau (NCRB) data. In 2019, the country recorded 44,735 cases of cyber crime, while the figures stood at 27,248 in 2018, the data from corresponding years showed.


Mass Personal Data Theft from Paris Covid Tests

Permalink - Posted on 2021-09-16 15:00

Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday. Stolen were the identities, social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results, the hospital organisation said.


Ransomware Preparedness Is Low Despite Executives' Concerns

Permalink - Posted on 2021-09-15 15:00

86.7% of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll. And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident.


Execs Concerned About Software Supply Chain Security, But Not Taking Action

Permalink - Posted on 2021-09-15 15:00

Venafi announced survey results highlighting the challenges of improving software supply chain security. The survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and revealed a glaring disconnect between executive concern and executive action. While 94% of executives believe there should be clear consequences (fines, greater legal liability for companies proven to be negligent) for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.


Walgreens' Covid-19 Test Registration System Exposed

Permalink - Posted on 2021-09-15 15:00

"If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even the results of these tests could be gleaned from that data. The data exposure potentially affects millions of people who used — or continue to use — Walgreens’ Covid-19 testing services over the course of the pandemic."


Class Action Lawsuit Filed Against St. Joseph's/Candler Over Ransomware Attack Affecting 1.4 Million Patients

Permalink - Posted on 2021-09-15 15:00

A class action lawsuit has been filed against St. Joseph’s/Candler Hospital Health System in response to a ransomware attack that occurred on June 17, 2021. The attack resulted in the encryption of files and forced the hospital’s IT systems offline. The systems accessed by the hackers contained the protected health information of 1.4 million patients, including names, Social Security numbers, driver license numbers, health insurance information, healthcare data, and financial information. St. Joseph’s/Candler offered affected patients a one-year membership to the Experian IdentityWorks credit monitoring and identity theft protection service. The investigation into the ransomware attack confirmed the hackers first accessed its network on December 18, 2020, 6 months prior to the ransomware being deployed. During that time the hackers had access to patient data stored on its systems.


Improper Disposal Incident Affecting 117,000 HealthReach Patients

Permalink - Posted on 2021-09-15 15:00

The protected health information (PHI) of 116,898 patients of Waterville, MA-based HealthReach Community Health Centers has been exposed and potentially compromised. HealthReach Community Health Centers, which operates 11 community health centers in Central and Western Maine, discovered a worker at a third-party data storage facility had improperly disposed of hard drives that contained the data of patients.


Software Supply Chain Attacks Surge 650% in a Year

Permalink - Posted on 2021-09-15 15:00

The insatiable global demand for open source code packages has led to a triple-digit year-on-year surge in upstream software supply chain attacks, according to Sonatype. The supply chain management specialist compiled its 2021 State of the Software Supply Chain report from publicly available and proprietary data. It claimed that global developers would borrow over 2.2 trillion open-source packages or components from third-party ecosystems to accelerate time-to-market. This includes Java downloaded from the Maven Central Repository, Python packages downloaded from PyPi, JavaScript from npmjs and .NET NuGet packages.


Misconfigured Firebase Databases Causing Massive Leaks

Permalink - Posted on 2021-09-15 15:00

Database security has caught the limelight as data breach incidents continue to escalate. Despite multiple warnings in the past to secure crucial databases with passwords, it appears that Firebase administrators have failed to follow the protocols and sensitive user data can still be found online. In a research project conducted in July, Avast found that around 19,300 Firebase databases from a total of 180,300 were left exposed to the internet without authentication.


Desert Wells EHR Data Too Damaged to Recover Post-Attack

Permalink - Posted on 2021-09-15 15:00

An Arizona-based family medical practice says it is attempting to reconstruct thousands of patients' electronic health records following a May ransomware attack that badly corrupted the records as well as backup data. In a Sept. 3 notification letter and data security incident notice posted on its website, 20-year-old Queens Creek, Arizona-based Desert Wells Family Medicine says a May 21 ransomware attack affected many of its IT systems, including badly corrupting patient EHRs and backup data.


Massachusetts Is Probing Huge T-Mobile Data Breach

Permalink - Posted on 2021-09-15 15:00

Massachusetts' attorney general said on Tuesday she will investigate the cyberattack against T-Mobile US Inc that exposed personal information of more than 53 million people. Maura Healey, the attorney general, announced the probe after the third-largest U.S. wireless carrier disclosed the breach on Aug. 16. The breach exposed names, birthdays, social security numbers, driver's license information, PIN numbers and other data belonging to an estimated 13.1 million current and 40 million former and prospective T-Mobile customers.


Pennsylvania: Indian Creek Foundation Provides Notification of Ransomware Incident

Permalink - Posted on 2021-09-14 15:00

On February 6, 2021, ICF discovered that portions of its computer network were infected with malware that encrypted certain systems. ICF promptly took the affected systems offline, initiated other containment measures, and with the assistance of third-party forensic specialists, launched an investigation into the nature and scope of the incident. The investigation confirmed that certain folders may have been accessed or removed from ICF systems without authorization on February 6, 2021. ICF therefore undertook a lengthy, time-intensive, and thorough review of the potentially impacted folders and its internal files and systems in order to identify the information that was potentially impacted and to whom it related. In conjunction with this review, on or about April 15, 2021, a third-party firm was engaged to programmatically and manually review the information at issue in order to identify impacted individuals and the types of data associated with those individuals. Concurrently, ICF internally reviewed its databases and, on or about July 14, 2021, first determined that one or more of the potentially impacted folders included protected information related to individuals. ICF continued to diligently review and reconcile the information with its internal records in furtherance of identifying the individuals to whom the data related and the appropriate contact information for those individuals. Those efforts were completed on or around August 24, 2021, at which time ICF determined the scope of impacted individuals and the types of data associated with those individuals as a result of the extensive internal review. ICF thereafter worked to provide notification to potentially impacted individuals as quickly as possible.
Although the information varies by individual, the involved ICF systems contained the following types of information at the time of the incident: name, Social Security number, driver’s license number, health insurance information, medical treatment/diagnosis information, and financial account information.


Texas Medical Provider Waited Months to Send Patients Letters About Ransomware Attack

Permalink - Posted on 2021-09-14 15:00

A local health care provider attacked by a ransomware virus did not send letters to patients informing them of the data breach for months, KHOU 11 Investigates has confirmed. Gastroenterology Consultants mailed notices to more than 161,000 patients on Aug. 6, informing them of a “data security incident” that occurred on Jan. 10.


Hacker Compromises Personal Data of NEISD Employees

Permalink - Posted on 2021-09-14 15:00

The North East ISD is alerting current and former employees that a hacker has compromised their personal information. District officials say the cyberattack in late August hacked the email of an employee who handles wire transfers in the payroll department. The hacker tried to have the money wired to a different bank, but the district’s systems detected the irregularity before the funds were transferred. But the hacked employee had access to about five-thousand other employees’ personal information.


Patients Sue DuPage Medical Group Over July 2021 Ransomware Attack

Permalink - Posted on 2021-09-14 15:00

Two DuPage Medical Group patients are taking legal action against the healthcare provider following a July 2021 ransomware attack in which patients’ protected health information was exposed. DuPage Medical Group suffered the ransomware attack in mid-July. The forensic investigation determined unauthorized individuals had gained access to its computer network between July 12 and July 13, and deployed ransomware in an attempt to extort money. The attack caused a major computer and phone outage that lasted around a week. On August 17, the forensic investigators confirmed hackers had gained access to parts of the computer network that contained the protected health information of 655,384 patients, and potentially viewed or obtained patient names, addresses, dates of birth, diagnosis codes, medical procedure codes, and treatment dates. Some Social Security numbers may also have been compromised.


Bot Attacks Grow 41% in First Half of 2021

Permalink - Posted on 2021-09-14 14:00

A new cybercrime report from LexisNexis Risk Solutions has found that bot attacks are up significantly in 2021, growing by 41% in the first half of the year. The biannual report found that the financial services industry and media businesses are facing the brunt of bot attacks while human-initiated attacks fell by 29%. According to the report, financial services companies saw 683 million bot attacks from January to June, while media companies dealt with 351 million, up 174% year over year. The LexisNexis Risk Solutions Cybercrime report is compiled by analysing 28.7 billion transactions over the six-month period through LexisNexis' Digital Identity Network. Digital transactions overall are up nearly 30% this year.


Close to Half of On-Prem Databases Contain Vulnerabilities with Many Critical Flaws

Permalink - Posted on 2021-09-14 14:00

Imperva released the results of the study on Tuesday, which analyzed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities. On average, each database contained 26 security flaws, with 56% ranked as a "high" or "critical" severity bug -- including code execution vulnerabilities that can be used to hijack an entire database and the information contained within. France was the worst offender for unprotected databases, with 84% of those scanned containing at least one vulnerability -- and the average number of bugs per database was 72. Australia followed with 65% (20 vulnerabilities on average), and then Singapore (64%, 62 security flaws per database), the United Kingdom (61%, 37 bugs on average), and China (52%, 74 security issues per database). In total, 37% of databases in the United States contained at least one known vulnerability, and these databases contained an average of 25 bugs.


Financial Services Firms Spend Over $2 Million on Ransomware Recovery

Permalink - Posted on 2021-09-14 14:00

Global financial services firms spent more than $2m on average recovering from a ransomware attack last year, according to new data from Sophos. The UK security vendor polled 550 IT decision-makers in mid-sized financial sector firms around the globe to compile its State of Ransomware in Financial Services 2021 report. It found that a third (34%) of firms in the vertical were hit by ransomware in 2020, with half (51%) admitting their attackers managed to encrypt data. However, although most (62%) were able to restore scrambled data from backups, the recovery costs ascribed to victim organizations from the sector were much higher than the average across all verticals ($1.85m). The figure is also surprising considering that only a quarter (25%) of financial services victims paid the ransom demand — the second-lowest payment rate of all industries surveyed and below the global average of 32%.


Only 30% of Enterprises Use Cloud Services with E2E Encryption for External File Sharing

Permalink - Posted on 2021-09-13 15:00

A recent study of enterprise IT security decision makers conducted by Tresorit shows that the majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer; however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy- and security-enhancing technology. Close to three quarters of respondents feel that having an ultra-secure solution to share files externally is more important in the hybrid work era. Their top three concerns when it comes to external file sharing are: government surveillance, the ability to control granular user permission to files, and unintentional errors by employees such as accidentally sending a confidential file in an email to the wrong recipient.


UAE: Moorfields Eye Hospital in Dubai Sees More Staff and Patient Data Dumped

Permalink - Posted on 2021-09-13 15:00

In August, threat actors calling themselves AvosLocker announced that they had attacked Moorfields NHS UK & Dubai. DataBreaches.net’s investigation at that point indicated that the data they provided as proof came from the Dubai hospital and did not involve any UK personnel or patients. In a statement to this site, Moorfields confirmed that there had been a breach but that it only impacted Dubai, and those Dubai patients who had some identity information stolen had been notified. On September 1, the threat actors dumped the remainder of the data they had exfiltrated from the specialty eye hospital.


Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online

Permalink - Posted on 2021-09-13 15:00

On June 30th, 2021 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 61 million records belonging to users around the world. The massive amount of exposed records were related to IOT health and fitness tracking devices. Upon further investigation there were multiple references to “GetHealth”, a New York City based company that offers a unified solution to access health and wellness data from hundreds of wearables, medical devices and apps.


Department of Justice and Constitutional Development of South Africa Hit by a Ransomware Attack

Permalink - Posted on 2021-09-13 15:00

A ransomware attack hit the Department of Justice and Constitutional Development of South Africa; multiple services, including email and bail services, have been impacted. The department revealed that the security breach took place on September 6; the IT staff notified law enforcement and is working with them to quickly restore operations. At the time of this writing, the DOJCD has yet to reveal the ransomware family that infected its systems.


BlackMatter Ransomware Hits Medical Technology Giant Olympus

Permalink - Posted on 2021-09-13 15:00

A ransom note left behind on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and not currently operational,” it reads. “If you pay, we will provide you the programs for decryption.” The ransom note also included a web address to a site accessible only through the Tor Browser that’s known to be used by BlackMatter to communicate with its victims.


HBP Financial Services Group Notice of Breach

Permalink - Posted on 2021-09-10 15:00

HBP Financial Services Group, LTD (HBP), which serves as the practice administrator for Pathology Consultants of New London, PC (PCNL), was the victim of an IT incident that resulted in the unauthorized access to two HBP email accounts. The investigation revealed that the first sign of unauthorized access occurred between April 30, 2021 and May 20, 2021. The investigation also revealed that the hackers’ sole focus was to commit financial fraud against HBP.


Philadelphia Mental Health Service Provider Breach Affects 29,000 Patients

Permalink - Posted on 2021-09-10 15:00

The Wedge Recovery Centers, a mental health service provider based in Philadelphia, Pennsylvania, discovered suspicious activity within the computer network on June 25, 2021 which indicated unauthorized individuals had breached the security defenses. Steps were immediately taken to block further access and an investigation was launched to determine the nature and scope of the breach. The investigation confirmed an unauthorized actor had gained access to its network on June 25, 2021; however, no evidence was uncovered during the course of the investigation to suggest any individual’s information had been subjected to actual or attempted misuse as a result of the security breach. A comprehensive review was conducted of all data potentially affected and that process is ongoing; however, it has now been confirmed that the following types of information were stored in files on parts of the network that were compromised: Name, address, date of birth, Social Security number, and treatment and health insurance information.


Singapore: MyRepublic Discloses Data Breach Exposing Government ID Cards

Permalink - Posted on 2021-09-10 15:00

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic states that the data storage has since been secured, but not before an unauthorized person had accessed the data of 79,388 mobile subscribers based in Singapore. The exposed data include identity verification documents for applications for mobile services, including: For affected Singapore citizens, permanent residents, and employment and dependent pass holders — scanned copies of both sides of NRICs; For affected foreigners — proof of residential address documents e.g., scanned copies of a utility bill; and


Organizations Struggling to Develop Cloud Applications That Meet Security Requirements

Permalink - Posted on 2021-09-09 15:00

According to Security Compass research, in mid-sized to large enterprises, 50% of the software applications being developed are cloud based, and another 30% are expected to migrate to the cloud within the next two years. However, ensuring a secure cloud infrastructure requires a substantial investment in skills and dedication to designing processes that take both risks and business needs into account.


91% of IT Teams Have Felt "Forced" to Trade Security for Business Operations

Permalink - Posted on 2021-09-09 15:00

HP Wolf Security published a new study, the Security Rebellions & Rejections report, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents.


Israel: Mass Data Leak After Bar Ilan University Refuses to Pay Hacker $2.5 Million

Permalink - Posted on 2021-09-09 15:00

Hundreds of thousands of documents and lists containing personal details of students and lecturers at Bar Ilan University have been leaked online, after the institution refused to pay some $2.5 million demanded by a hacker. After the money wasn’t paid, the hacker leaked research, lab documents, papers and lists containing personal information of thousands of people — totaling some 20 terabytes — on the hacker’s website and in a Telegram group.


S. Carolina: Dorchester County Government Notice of February Security Incident

Permalink - Posted on 2021-09-09 15:00

Dorchester County Government (“Dorchester”) announced today a phishing incident involving email accounts within its email environment. The phishing incident resulted in unauthorized access to certain information collected and maintained by the County for a variety of reasons, including names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, credit card and debit card numbers, usernames and passwords, and medical information. Dorchester is issuing this notice to inform individuals of this incident and provide some recommendations on ways to protect personal information.


S. Africa: International Hacker Group Claims Responsibility for Space Agency Leak

Permalink - Posted on 2021-09-09 15:00

A new internet hacking group has claimed responsibility for a data breach at the South African National Space Agency (SANSA). The group, CoomingProject, emerged recently and according to claims made on its website, it has a list of victims across the world. SANSA confirmed that a data breach took place and said the situation is under control on 6 September. The Agency said it caught wind of a possible breach to its IT system when a file containing SANSA information was found in the public domain.


U.N. Computer Networks Breached by Hackers Earlier This Year

Permalink - Posted on 2021-09-09 15:00

Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web. The credentials belonged to an account on the UN’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the UN’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the UN’s systems was April 5, and they were still active on the network as of Aug. 7.


Data Breach Lawsuit Against Sonic Will Proceed

Permalink - Posted on 2021-09-09 15:00

Litigation filed against American fast-food chain Sonic over a 2017 data breach has been allowed to proceed. Financial institutions brought a lawsuit against Sonic Corp after it emerged that financial data belonging to customers of the restaurant had been stolen in a cyber-attack. The attacker(s) installed malware on a point-of-sale system used at hundreds of Sonic franchises. In a data breach notice issued at the time of the attack, Sonic stated: “Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations.” Sonic is based in Oklahoma City and has nearly 3,600 locations across 45 US states. An investigation into the attack found that customers’ payment card data had been exposed at more than 700 Sonic franchised drive-in locations. Under Sonic’s franchise agreement, the franchisees were required to give Sonic access to their transaction data through a Sonic-managed virtual private network (VPN). Hackers accessed this data using VPN credentials issued to a transaction-processing service by Sonic.


Attacker Breakout Time Now Less Than 30 Minutes

Permalink - Posted on 2021-09-09 15:00

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to CrowdStrike. The findings come from the security firm’s own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes.


Hackers Leak Passwords for 500,000 Fortinet VPN Accounts

Permalink - Posted on 2021-09-09 15:00

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.


New Mēris Botnet Breaks DDoS Record with 21.8 Million RPS Attack

Permalink - Posted on 2021-09-09 15:00

News about a massive DDoS attack hitting Yandex broke this week in the Russian media, which described it as being the largest in the history of the Russian internet, the so-called RuNet. Details have emerged today in joint research from Yandex and its partner in providing DDoS protection services, Qrator Labs. Information collected separately from several attacks deployed by the new Mēris (Latvian for ‘plague’) botnet, showed a striking force of more than 30,000 devices. From the data that Yandex observed, assaults on its servers relied on about 56,000 attacking hosts. However, the researchers have seen indications that the number of compromised devices may be closer to 250,000.


Thailand: Hacker Steals 40,000 Patients' Data from Kidney Hospital

Permalink - Posted on 2021-09-08 15:00

The personal details of more than 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital have been stolen by a hacker, hospital director Thirachai Chantharotsiri said on Wednesday. Dr Thirachai said staff of the hospital in Ratchathewi district of Bangkok could not access the database of patients on Monday. A check on the system found that the information had been stolen. The stolen data included patients' personal information and treatment history, he said.


W. Virginia: Bridgeport City Government Hacked, Residents Put on Notice

Permalink - Posted on 2021-09-08 15:00

Residents of Bridgeport have been notified city government was hacked in late May of this year. A five-page letter to residents said city IT systems were encrypted by ransomware that lets hackers hold data until a ransom is paid. There is no proof hackers were able to access information, but information that was available includes social security numbers, birth dates, addresses, driver’s license numbers and any other information used to establish any city account.


New Zealand Banks, Post Office Hit by Outages in Apparent Cyber Attack

Permalink - Posted on 2021-09-08 15:00

Websites of a number of financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyber attack. The country's Computer Emergency Response Team (CERT) said it was aware of a DDoS (distributed denial of service) attack targeting a number of organisations in the country. It was "monitoring the situation and are working with affected parties where we can," CERT said on its website. According to local media reports, the websites affected by the attack included Australia and New Zealand Banking Group's New Zealand site and NZ Post.


Howard University Announces Ransomware Attack, Shuts Down Classes on Tuesday

Permalink - Posted on 2021-09-07 15:00

Howard University announced on Monday that it has been hit with a ransomware attack, forcing the school to shut down classes on Tuesday, according to a statement from the prominent HBCU. The school said that on September 3, members of their technology team noticed "unusual activity" on the university's network and shut it down in order to investigate the problem. They later confirmed it was a ransomware attack but did not say which group was behind the attack. The school was forced to cancel all classes on Tuesday in order to address the issue and the campus is only open to essential employees. Even the campus Wi-Fi is down. They noted that some cloud applications will remain accessible to students and that they will continue to update students and faculty at 2pm each day.


Nevada Restaurant Services, Inc. Provides Notice of Data Privacy Event

Permalink - Posted on 2021-09-07 15:00

Scope of information potentially involved includes individuals’ name, date of birth, Social Security number, driver’s license number or state ID number, passport number, financial account and/or routing number, health insurance information, treatment information, biometric data, medical record, taxpayer identification number, and credit card number and/or expiration date.


Thailand: 10,000 Patients Have Data Stolen After Medical Sector Breach

Permalink - Posted on 2021-09-07 15:00

Officials have rushed to downplay the theft by a hacker of more than 10,000 patients' personal details from Phetchabun Hospital, describing the information as "not important". Phetchabun governor Krit Kongmuang was among those who responded to initial reports on social media that the data of 16 million patients of the Public Health Ministry had been hacked and put up for sale on Sunday. On Tuesday morning Mr Krit quoted the Phetchabun public health office as reporting that data was lost from Phetchabun Hospital, but involved nowhere near as many as 16 million patients. It was only records of patient admissions and discharges, he said. It was not important.


Pennsylvania: Penelec Customers Must Reset Passwords After Security Breach

Permalink - Posted on 2021-09-07 15:00

The parent company of Penelec and other electric companies in our state, the First Energy Corporation, is requiring all customers to reset their passwords due to a security breach. First Energy disabled the online accounts and asked customers to reset the passwords on Friday after detecting hackers making numerous unauthorized attempts to log into customer accounts. Although the majority of the hacking attempts were unsuccessful, some of the logins were completed.


Netherlands: Hacker Puts Stolen Data Online Because College Refuses to Pay

Permalink - Posted on 2021-09-07 15:00

The hacker who earlier this month stole data from students and employees of the Hogeschool van Arnhem en Nijmegen (HAN) has put it on the internet. RTL Nieuws reports this on Tuesday after viewing the data. The hacker demanded a ransom, but the university previously said it would not pay. The person, who uses the pseudonym ‘masterballz’ on the internet, then decided to put the data online. According to RTL News, the stolen data is now distributed via a popular download service.


Ireland: Credit Unions Demand Assurances from Central Bank After Data Leak Blunder

Permalink - Posted on 2021-09-07 15:00

A leading credit union body is seeking assurances from the Central Bank that it can protect the personal data of people who have to register with it. The call from the Irish Leag