WICHITA, Kan. (KWCH) – A Kansas health clinic issued a notice to federal law enforcement about a data breach that happened late last year. The Hutchinson Clinic said around Dec. 21, it was made aware of suspicious activity related to its computer systems.
The clinic said a hacker they labeled “an unauthorized actor” had the ability to acquire information that included names, contact information, Social Security numbers, driver’s license numbers, health insurance information and physician names.
The Hutchinson Clinic said it immediately launched an investigation with assistance from third-party forensic specialists “to secure [its] network and to determine the nature and scope of the activity.”
The response includes an ongoing effort to alert any current or former patients and employees whose information may have been impacted. The clinic included the following statement with its notice:
“We at Hutchinson Clinic take this event and the security of your information seriously. Upon learning of this event, we immediately took steps to secure our network and maintain operations in a safe and secure fashion. As part of our ongoing commitment to the privacy of personal information in our care, we are working to review our existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information on our systems.”
Copyright 2023 KWCH. All rights reserved. To report a correction or typo, please email news@kwch.com
Author: rescue@crimefire.in
-
Hutchinson Clinic issues alert concerning December data breach – KWCH
-
Attorneys General Bring Multistate Data Breach Settlement Against … – WilmerHale
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and resulted in a breach of the personal information of nearly 46,000 patients. The hacking incident involved legacy data from databases that were not in business use, but that DDC had acquired as part of an acquisition in 2012. As part of the settlement deal, DDC will pay a fine totaling $400,000. The company will also implement heightened data security measures, including updating the asset inventory of its network and disabling or removing data deemed unnecessary for any legitimate business purpose.
This settlement further indicates that companies that process genetic data, health information, and other sensitive categories of information are going to continue to catch the eye of regulators for data breaches, especially if these breaches are the result of outdated security practices. In addition to state AGs, companies regulated by the Health Insurance Portability and Accountability Act (HIPAA) need to be aware of potential enforcement by the Department of Health and Human Services. And all companies need to be paying attention to FTC enforcement in this space, especially in light of its recent enforcement action against GoodRx. Businesses that process sensitive personal information in the ordinary course of business should proactively review and update their security practices to mitigate their potential risk of a security incident (as well as a subsequent regulatory investigation).
This settlement also highlights the importance of safeguarding legacy data. Organizations storing protected health information and other sensitive personal information should conduct risk analyses and comprehensive due diligence of legacy databases, along with monitoring databases actively in use. Companies should also review and revise their data retention and disposal policies as needed to limit their relevant risk.
We have provided a summary of the incident and settlement as well as critical considerations below. Please feel free to reach out to us with any questions you may have.
DDC’s Data Breach
DDC is one of the largest private DNA testing laboratories in the United States. The affected databases contained sensitive information of over 2 million individuals who had received DNA testing services between 2004 and 2012, including names, social security numbers, and payment information. DDC had acquired these databases from Orchid Cellmark in 2012. This data had been archived and was not used for any business purpose. According to DDC, the company was unaware that this data had been inadvertently transferred as part of the acquisition.
DDC discovered the data breach that prompted the investigation on August 6, 2021, when the company detected suspicious activity in some of its archived databases. The internal investigation concluded that the databases had been subject to unauthorized access between May 24 and July 28, 2021. An unauthorized third party had logged in via VPN on May 24 using a DDC account, having harvested credentials from a domain controller that provided password information for each account in the network. Using a test account with administrator privileges, the hacker installed the malware Cobalt Strike to exfiltrate the data over the course of two months. 5 servers that contained backups of 28 databases were compromised in the incident. In September 2021, the threat actor demanded payment from DDC for the return and deletion of the stolen data and payment was made.
According to court documents, prior to the data breach, a third-party data breach monitoring vendor had detected the breach and attempted to notify DDC of suspicious activity. The attempts to alert the company had been overlooked by company employees for nearly two months.
Alleged Violations and Settlement Terms
The states’ attorneys general investigation concluded that DDC engaged in deceptive or unfair cybersecurity practices by making material misrepresentations in its privacy policy regarding its safeguarding of consumers’ personal information, which left consumers’ personal data vulnerable to unauthorized access.
In addition to the fine, the settlement requires DDC to maintain reasonable security policies to protect consumer personal information. DDC will also ensure timely software updates, penetration-testing of its networks, and implementation of reasonable access controls such as multi-factor authentication. Particularly regarding legacy systems, DDC will conduct annual security risk assessments of its networks and disable or remove any assets not necessary for any legitimate business purpose.
Key Considerations for Companies
Any organization maintaining sensitive user information should keep the following considerations in mind:
-
Ireland Set to Notify 20,000 More Health Data Breach Victims – BankInfoSecurity.com
Ireland’s child and family agency, Tusla, says it is beginning a months-long process to notify 20,000 individuals that their personal information was exposed in the May 2021 ransomware attack against the Health Service Executive.
The HSE is Ireland’s publicly funded national healthcare system and social services agency. It formerly provided IT services to Tusla.
An investigation into the ransomware attack against HSE, led by An Garda Síochána – Ireland’s police force – found that “some personal information belonging to a number of people who have been involved with Tusla services and a small number of Tusla employees was illegally accessed and data was copied,” the agency says.
Data handled by Tusla includes information gathered by providing child protection and welfare services; adoption and foster care; early years services; domestic, sexual and gender-based violence services; family and community support services; and more.
Tusla says the process of notifying the 20,000 victims likely won’t be complete until November.
Working with Ireland’s data protection authority – the Data Protection Commissioner, which enforces privacy rules, including the EU General Data Protection Regulation – Tusla says it has developed a notification process for victims. All individuals whose personal details were exposed in the attack on HSE will receive a registered letter via the national postal service.
Each letter will contain a unique PIN for each breach victim, which they can use to access their information through the Tusla Personal Information Access Portal, backed by telephone-based support if they need assistance. Alternately, victims can set up an in-person meeting with a case worker to review the data that was exposed.
Tusla says the delay between the attack and eventual victim notification is due to the challenge of reconciling which records were exposed and the patients associated with the records.
“At the end of December 2021, An Garda Síochána provided Tusla with a copy of the files that were illegally accessed and copied,” it says. “Tusla has undertaken an extensive process to carefully review all of this information, to identify individuals affected in accordance with GDPR guidance, and guidance from the Data Protection Commission.”
On a per-victim basis, the agency has also had to review all of the exposed records to redact any information they might contain about other individuals, when necessary, to protect those individuals’ data rights.
“We acknowledge that it has taken some time for the commencement of this notification program; however, it was crucial that each record that was affected by the cyberattack was carefully reviewed to identify the people affected,” says Kate Duggan, Tusla’s director of services and integration.
“We also have to ensure that letters are being sent to verified addresses,” she adds. “Notifications will continue over the coming months, and we ask for understanding and patience as we continue to work through this complex process.”
Tusla says that it will communicate with victims only by registered letter and never by text messages, phone calls, emails or social media.
Despite the personal data having been exfiltrated during the Conti attack, it’s possible that none of it has been sold via cybercrime forums or dumped via data leaks.
“We have seen no evidence that any of the Tusla information that was affected has been published on the internet or dark web, and we are continuing to monitor the situation with the assistance of cybersecurity experts,” Duggan says. “There is also no evidence that any of the Tusla information has been involved in scams or other fraudulent activity.”
The now-defunct Russian ransomware group Conti took credit for the attack, which began on March 16, 2021, with a phishing email carrying a malicious Microsoft Excel file attachment. By the end of the attack, on May 14, 2021, nearly 80% of data managed by HSE – including medical and banking information – had been forcibly encrypted, and attackers held the decryption key.
Separately, HSE has already notified approximately 113,000 individuals – 94,800 patients and 18,200 staff members – that their data may have been stolen by attackers.
While Conti made a big show of providing a “free” decryptor to HSE, on account of it being part of the National Health Service, cleanup costs have been extreme. As of October 2022, mitigating the attack, restoring systems, probing the incident and notifying victims had already cost more than 80 million euros – or $85 million.
HSE also has been overhauling its IT environment in light of numerous deficiencies identified by consultancy PricewaterhouseCoopers, which it hired to review its cybersecurity posture.
Following the May 2021 attack, Tusla says it had systems restored by June 30, 2021. Since then, it has largely stopped using any HSE-managed IT systems.
“Much of Tusla’s IT infrastructure has since undergone a migration to Tusla-owned and secured systems, of which cybersecurity is a cornerstone,” the agency says. “We are monitoring and regularly assessing our systems for vulnerabilities and opportunities for improvement with the assistance of cybersecurity experts, to help protect the data that we hold from any future attacks.”
Executive Editor, DataBreachToday & Europe, ISMG
Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
-
[Updated] RailYatri Allegedly Suffers Another Data Leak, Company Denies – Inc42 Media
Hackers allegedly attacked RailYatri servers yet again on February 16, stealing the data of 31 Mn users and posting it on BreachForums, a cybercrime forum
However, the company denied it and said that the data referred to by the cybersecurity expert is old data that was exposed in December 2022
The development comes nearly three years after the ticketing platform suffered a data breach, exposing user data of some 7 Lakh users
Update: 22nd Feb, 23:00 IST
After publishing this story, RailYatri contacted us to clarify the matter. According to the company, there has been no new data breach. It stated that the data referred to by the cybersecurity expert is old data that was exposed in December 2022. Since then, the company has taken the necessary steps to ensure the safety of user data.
The below story has been edited to include RailYatri’s comments.
Indian train ticketing platform RailYatri has allegedly suffered another data breach, exposing the data of more than 31 Mn (31,062,673) users. This is the second incident nearly three years after the government-sanctioned ticketing platform suffered a data breach, exposing user data of some 7 Lakh users. However, the company has denied the allegations.
Cybersecurity researcher Anurag Sen notified Inc42 of the development on Monday (February 20), after having detected the leak last week. According to him, user email addresses, full names, genders, phone numbers and locations, were exposed during this data breach.
According to Sen, in February 2020 also, he identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication. He then claimed to have informed RailYatri about the leak, but the company initially denied that the server was theirs.
However, after the Indian Computer Emergency Response Team (CERT-In) got involved in August 2020, the company claimed that it was a test server and later secured it. “Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted CERT-In, the server got closed,” Sen told Inc42.
Hackers allegedly attacked RailYatri servers again on February 16, stealing the data of 31 Mn users and posting it on BreachForums, a cybercrime forum, Sen noted. A hacker called UNIT82 posted a database 12.33 GB in size, which was alleged to be the RailYatri user data.
However, as per the company, it has not suffered any data breach on February 16. It stated that the data referred to by the cybersecurity expert is old data that was exposed in December 2022.
“I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” Sen added.
Indian startups have become easy targets for hackers and other malicious entities on the internet for such data breach incidents. These data breaches could lead to other cybercrimes, including identity theft and phishing attacks, among others.
Earlier this month, Inc42 reported the data leak at the social media platform for teenagers Slick. The app had exposed the data of 153K users at the time but had been proactive in fixing the issue once it was detected and reported.
Last year, Flipkart-owned online travel aggregator (OTA) Cleartrip was the target of a cyberattack which resulted in a major data breach. In 2021, Mobikwik and Upstox were among multiple startups that had data breaches, exposing the data of millions of users.
India remains one of the worst-hit countries in the world in terms of cyberattacks, as a recent government report noted that the country had 13.91 Lakh cybersecurity incidents last year, as tracked by the government.
However, Google’s vice president of engineering for privacy, safety and security Royal Hansen said in August 2022 that India witnessed as many as 18 Mn cyberattacks per day in Q1 2022.
-
No-win, no-fee lawyers circling Arnold Clark over data breach – Car … – Car Dealer Magazine
Jack Williams, 9:23 am, February 21, 2023
A top firm of London lawyers has launched a ‘no-win, no-fee’ scheme to help victims of the recent data breach at Arnold Clark.
The dealer group suffered a cyber attack just before Christmas and customers’ personal information has since been published on the dark web.
The Scottish outfit says it ‘takes the protection of customer data extremely seriously’ but a large group action could now be on the horizon.
Legal firm Keller Postman has set up a ‘Get Justice for the Arnold Clark Data Breach’ scheme, which could result in huge compensation packages being paid out.
The lawyers have even created an instant eligibility checker on their website and are encouraging potential victims to come forward.
Writing on its website, Keller Postman accused Arnold Clark – the most profitable dealer group in the UK – of making the attack ‘easier’ with ‘failures to adopt standard security measures’.
‘Customers of Arnold Clark may have had their personal information exposed following a data hack,’ the company said.
‘The breach happened after hackers broke into the car dealer’s systems. Tens of thousands of people are thought to be at risk.
‘According to various media reports, the stolen data includes names, dates of birth, phone numbers, email addresses, copies of passports and home addresses.
‘One national newspaper claims that copies of bank statements have also been stolen.
‘As of 26 January 2023, the hackers have already released 15 gigabytes of sensitive data. Another, much larger upload is threatened if the cryptocurrency ransom is not paid.
‘Keller Postman UK has launched an investigation to find out what happened and how this breach affects Arnold Clark customers.
‘We believe that failures to adopt standard security measures may have made this attack easier.’
The cyber attack was carried out on December 23, although it was initially believed to have been on Christmas Eve.
At the time, bosses insisted that customer information was safe but were later forced to concede that personal data had been compromised.
In an update posted last week, Arnold Clark said it was ‘proactively contacting’ customers who may have been affected.
Three weeks have now passed since the firm told its first customers that hackers may have gained access to their bank details and ID documents.
Last month, Car Dealer reported that hackers were demanding millions in ransom to avoid a massive upload of customer information to the dark web.
‘Arnold Clark takes the protection of our customer data extremely seriously,’ the firm said in its most recent update.
‘Therefore, we have now taken the decision to proactively contact customers who may have been affected to make them aware of the cyber incident, and to offer them guidance and protection in conjunction with our partners Experian.
‘We are working to protect our customers as a matter of priority, and we will continue this process to ensure all our customers who may have been affected by this incident are made aware and are offered assistance and protection.
‘Arnold Clark remains in regular contact with the regulatory authorities and is continuing to seek guidance from the police.’
Last October, Pendragon was also hit with a cyber attack. Those hackers – another group – threatened to release the data too but never did. Pendragon refused to pay the ransom.
Firms that suffer data breaches face being fined millions by the ICO.
Leading dealership boss Robin Luscombe recently told the Car Dealer Podcast that firms have been left defenceless against an ‘industry of fraudsters and scammers’.
Car Dealer has approached Arnold Clark for comment.
Jack joined the Car Dealer team in 2021 as a staff writer. He previously worked as a national newspaper journalist for BNPS Press Agency. He has provided news and motoring stories for a number of national publications including The Sun, The Times and The Daily Mirror.
-
GoDaddy blasted for breach response | SC Media – SC Media
After web hosting firm GoDaddy revealed a multi-year breach resulting in stolen source code and malware that triggered some customers’ websites to redirect visitors to malicious URLs, questions are being raised about the lasting impact of the breach and the slow rollout of details to customers.
Specific revelations of the attack were made public on Thursday via a GoDaddy 10-K filing with the U.S. Securities and Exchange Commission (SEC). The SEC filings were in response to Federal Trade Commission subpoenas tied to the incidents, first made public in May 2020. At the time, GoDaddy did not detail the extent of the breach.
The GoDaddy disclosure last week also did not include technical details for the breaches or indicators of compromise that could be used by customers to fend off attacks or determine if they were impacted.
A post-breach analysis of the incident by GoDaddy indicated three significant attacks by one intruder.
In one, which GoDaddy reported for the first time, a sophisticated threat actor gained access to its cPanel hosting servers in December 2022, then installed malware that “intermittently redirected random customer websites to malicious sites.”
On Feb. 16, GoDaddy issued a separate statement stating: “Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”
Last week’s disclosure of three separate attacks was the first time the company revealed the December 2022 breach and also the first time it linked the three attacks together.
In November 2021, the company reported the same attacker compromised its GoDaddy Managed WordPress service, a customized content management system made available to its customers. The intruder obtained source code tied to the WordPress system that allowed a further intrusion of the platform that included admin credentials for the service, access to FTP accounts and email addresses for 1.2 million current and inactive customers.
Finally, GoDaddy said in March 2020 the attacker compromised 28,000 log-in credentials belonging to customers along with credentials tied to a “small number” of employee accounts.
Security researchers said the timeline of this breach has them concerned. Dwell times dating back several years tend to indicate poor overall security, a lack of threat hunting, and other systemic issues.
Hosting companies like GoDaddy have an unusual position on the internet that makes them a very attractive target for attackers, say security researchers. On the surface, they have an aggregation effect – hosting a lot of web infrastructure – so hack one target, receive many payoffs. It’s very useful for large-scale campaigns in which attackers need infrastructure to host and deliver malicious payloads.
Zane Bond, head of product at Keeper Security, theorized that if an advanced threat actor was lurking in GoDaddy’s system for multiple years and had been relatively quiet during that time, there’s no good reason for that attacker to suddenly begin redirecting low-value websites. Instead, Bond said this may be a case of multiple attackers breaching the company’s network simultaneously.
GoDaddy maintains, in its filings and public statements, that the attacks were carried out by one intruder. It’s unclear if the attacker was one individual or one group.
“A junior attacker could have been the one to begin redirecting these websites, which shined a light on other threat actors that were already inside,” said Bond.
Andrew Barratt, vice president at Coalfire, said while the source code intrusion is of great interest to attackers, the real gold mine is more likely GoDaddy’s domain hosting: the database of domain names to IP addresses and all the associated metadata.
Barratt said if attackers were eventually able to compromise DNS servers, it’s possible to change the direction of traffic, pointing legitimate entries to malicious sites – without the underlying sites necessarily realizing immediately, as they’re not subject to compromise.
In the case of the redirects reported by GoDaddy, the intruder planted malware on the website to conduct the redirects to malicious URLs.
Security pros grimace at GoDaddy’s delay in releasing details of the breach that would have been valuable to customers and IT security teams. While customers were notified in May 2020 of an attack, specifics related to the incidents and a list of indicators of compromise would have served customers better, security professionals argue.
According to the Identity Theft Resource Center, those companies that do report breaches are increasingly revealing less. A recent study found just 34% of public breach notices in the U.S. over the past year contained basic details around attack methods or victims, the lowest number tracked over the past five years and a 50% drop since 2019.
The reluctance by companies to report breaches and details tied to attacks has real world consequences for unaware victims, according to the report. Less information puts impacted customers and businesses at higher risk for identity theft, fraud and spearphishing attacks that rely on stolen data.
Brett Callow, a ransomware researcher at Emsisoft, told SC Media that this lack of visibility has been particularly noticeable around ransomware, where it’s widely understood that many companies and even governments decide to quietly pay or avoid reporting a breach to the public. “Information is power and in cybersecurity, it’s the path to prevent other, similar incidents. The more we know the more effective our counterstrategies can be,” said Callow.
(SC Media reporter DEREK B. JOHNSON contributed to this report)
-
Activision did not notify employees of data breach for months – TechCrunch
On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data.
This data breach was not disclosed until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data, as well as the hackers’ messages on Activision’s internal Slack channel.
But the public weren’t the only ones caught off guard by news of the breach. Activision has yet to notify its own employees of the data breach, and whether their data was stolen, according to two current Activision employees who spoke on condition of anonymity, as they were not allowed to talk to the press.
“This is a problem. If there is employee’s information involved, they should have disclosed the breach,” one of the employees told TechCrunch.
Activision spokesperson Joseph Christinat told TechCrunch that “there are no requirements for a company to notify when there is no evidence of sensitive data access.”
In response to news of the breach, Christinat had previously shared a statement that said Activision “swiftly” responded to an SMS phishing attempt and “quickly resolved it.” According to the statement, the company “determined that no sensitive employee data, game code, or player data was accessed.”
The hacker or hackers were able to access a series of spreadsheets that included employee data such as full names, some telephone numbers, corporate email addresses, and in some cases, the offices where they work, according to a copy of the stolen data, which vx-underground shared with TechCrunch.
Activision, which publishes household games such as Call of Duty and World of Warcraft, is in the process of being acquired by Microsoft in a deal valued at $68.7 billion. Regulators in the U.S., the European Union, and the U.K. have opposed the deal.
Activision, which also owns Blizzard, is headquartered in California. The state has a data breach notification law that requires companies to notify victims of data breaches when 500 or more state residents are affected, and mandates that “the disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement.”
The law defines “personal information” to include Social Security number; other forms of ID such as driver’s license number; California ID card; “tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual”; medical and health insurance data; credit card numbers; and biometric and genetic data.
This story was updated to include a comment from an Activision spokesperson.
-
A N.J. hospital suffered a data breach. Now a patient is suing. – NJ.com
CentraState Medical Center in Freehold. Patti Sapone | NJ Advance Media
CentraState Medical Center failed to protect the sensitive data of thousands of patients, exposing them to a heightened risk of identity theft, according to a proposed class action lawsuit filed Monday in Superior Court of Monmouth County.
The breach involved a cache of personal data belonging to 617,000 patients during a cyberattack in late December that paralyzed the Freehold hospital.
-
Sobeys admits to data breach in November 2022 – CTV News Atlantic
It was a cyber-security incident that made headlines across the country late last year, although the company involved waited until now to confirm it.
The Maritime-based Empire Co. – parent company of Sobeys – acknowledges customers and employees past and present are receiving letters saying their personal information may have been compromised.
Bill Zebedee received his letter in the mailbox late last week from Medical Health Care Services Inc. (MHCSI) — the company that provides group benefit plans and works with pharmacies, including Sobeys and Lawtons.
Zebedee said when he first read the letter he was confused.
“I was very surprised because I never heard of the company. I contacted them to confirm it was real,” he said.
The letters informed recipients that an unnamed third party gained access to Sobeys servers on Nov. 1, 2022.
Experts say more letters may be sent out.
“This is one particular sub-company within the overall Empire Co. group of companies who may be affected, so we may see different kinds of these letters arriving,” said cyber security expert David Shipley.
The company was heavily criticized for its lengthy silence on the issue for weeks. Business professor Ed McHugh said the letters come as no surprise.
“This breach was large when it happened because they couldn’t accept gift cards at Sobeys for a while and Lawtons [also] had some issues, so we knew the breach was significant and Sobeys had been very quiet about this matter,” adds McHugh.
In an email to CTV News, Sobeys said, “With the help of external experts, we have investigated how an unauthorized third party gained access to some of our servers and systems. The process to identify what data has been impacted has been extremely complex, and we’ve now reached a point where we can notify those who were potentially impacted.”
The retail giant also said, “We have seen no evidence that personal data was accessed or removed from our servers; however, out of an abundance of caution, we have sent notifications to those who could have been potentially impacted and in compliance with our regulatory obligations. IT security is and has always been a priority for us. Trust and transparency matter deeply and we regret that this event occurred.”
While the letter shares how the information could potentially be used by hackers, Shipley said clearer communication should have been provided much sooner.
“They should have had a media release in an actual press conference and say we’ve started the process of notifying people, so that way we could have had some understanding of who was going to get what notification so people could actually trust them,” he said.
Sobeys has not been alone in dealing with cyber security issues. In recent years, hackers have targeted various businesses and organizations. McHugh said in this case, it is best to be cautious.
“Be very vigilant in phone calls and emails and if something sounds too good to be true, it probably is,” he said.
For now, it’s unclear how many letters have been sent out; however, we have learned employees are being offered a one-year subscription to a credit monitoring service.
Letters also urge recipients to keep an eye out for possible phishing attempts and to avoid clicking links or downloading attachments from suspicious emails.
-
GoDaddy Discloses Multi-Year Security Breach Causing Malware … – The Hacker News
Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services.
The company attributed the campaign to a “sophisticated and organized group targeting hosting services.”
GoDaddy said that in December 2022 it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to an unauthorized third party gaining access to servers hosted in its cPanel environment.
The threat actor “installed malware causing the intermittent redirection of customer websites,” the company said.
The ultimate objective of the intrusions, GoDaddy said, is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
In a related 10-K filing with the U.S. Securities and Exchange Commission (SEC), the company said the December 2022 incident is connected to two other security events it encountered in March 2020 and November 2021.
The 2020 breach entailed the compromise of hosting login credentials of about 28,000 hosting customers and a small number of its personnel.
Then in 2021, GoDaddy said a rogue actor used a compromised password to access a provisioning system in its legacy code base for Managed WordPress (MWP), affecting close to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.