Undisclosed number of Boy Scouts and their parents had their information...
Katie Peralta reports: A partner of the Boy Scouts of America inadvertently exposed the personal information of children and their parents last month. What happened: Boy Scouts nationwide sell popcorn...
View ArticleSecret Service Investigates Breach at U.S. Govt IT Contractor
Brian Krebs reports: The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime...
View ArticleTortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply...
Symantec reports: A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end...
View ArticlePresbyterian Health business associates disclose breach
Magellan Healthcare and National Imaging Services recently notified OCR of a HIPAA breach impacting 55,637 and 589 patients, respectively. The notification was made to OCR on September 17. A press...
View ArticleMobile County Public Schools impacted by ransomware attack on vendor, back...
You may have been a bit confused by the rapidly changing status involving Mobile County Public Schools in Alabama, who were impacted by a ransomware attack. Their site was down for about 24 hours, but...
View ArticleSaint Mary’s email addresses appear in credential dump following Chegg data...
Maeve Filbin reports: In April 2018, the widely-used tutoring service and textbook provider Chegg experienced a data breach, after an unauthorized source accessed one of the company’s databases. The...
View ArticleDefense Department to tighten data security after settlement with veterans group
Leo Shane III reports: The Defense Department will revamp its Servicemembers Civil Relief Act databases following charges the online information sites exposed millions of troops’ and veterans’ personal...
View ArticleLA: Magnolia Pediatrics notifying patients after attack on IT vendor resulted...
Ellyn Couvillion reports: A pediatrics practice in Prairieville is working with the FBI and has notified its patients’ families of a ransomware virus that in August attacked the computer network of the...
View ArticleMontgomery County Public Schools forces password reset after Naviance hacked
Brad Shear forwarded a notice he received yesterday concerning a breach impacting students of the Montgomery County Public School District. The cover email, from Luana Zimmerman of college career...
View ArticleAU: Tech start-up apologizes to students after potential data breach
Bianka Farmakis reports: Online events promotions company Get has apologised for potentially exposing the names, phone numbers and email addresses of up to 50,000 Australian university students in a...
View ArticleGeisinger Health Plan Notifies Members About Business Associate Phishing...
HIPAA Journal reports: HIPAA Danville, PA-based Geisinger Health Plan has discovered the protected health information (PHI) of some of its members has been exposed as a result of a suspected phishing...
View ArticleCenturyLinks’ suffers data leak due to vendor error
Tim Sandle reports: CenturyLink has reported that a customer information database of 2.8 million records was found exposed. The database was affiliated with a third-party notification platform and has...
View ArticleOpen wide and say, “Ugh, My Data!!!!!”
This is the story of how mapping and analysis of an open elastic search led to the discovery of a misconfigured Amazon s3 bucket that exposed data from hundreds of thousands of dental patients. If you...
View ArticleSenator Demands Review of How DHS Shares PII With Contractors
Akshaya Asokan reports: Sen. Maggie Hasan, D-N.H. is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with third parties...
View ArticleOntario Science Centre data breach exposes 174,000 names, email addresses
David Rider reports: A summertime data breach exposed the names and email addresses of 174,000 Ontario Science Centre members, donors and others including customers for camps and birthday parties, the...
View ArticleKroger reports ‘isolated incident’ involving pharmacy records
Jason Braverman reports: Kroger announced today that a box of pharmacy records was lost. They said in late July, a records management service, Retrievex, Inc., the company’s business associate, shipped...
View ArticleMore victims of yet another Click2Gov breach this week
Yet another report of a data breach involving Click2Gov software by Central Square Technology. Previous coverage of the publicly disclosed breaches from 2017, 2018, and 2019 are linked from here. Also...
View ArticleFlorida Virtual School needs new board, new ethics standards, state education...
Beth Kassab and Leslie Postal report: The troubled Florida Virtual School should get a new governor-appointed board, new ethics standards for employees and a new inspector general inside the school to...
View ArticleMarriott notifies associates of breach at unnamed vendor
In a year that has seen a number of reports that suggest how costly a past data breach may be for Marriott in Canada as well as the U.K. and U.S., Marriott is disclosing yet another breach. On October...
View ArticleCity of Norman, OK temporarily suspends utility payment portal; ditches...
The City of Norman, Oklahoma has suspended its online portal for paying utility bills after they were notified of a potential security incident involving Click2Gov software by CentralSquare...
View Article