The Office of Inadequate Security
Sergiu Gatlan reports: Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more….
Lawrence Abrams reports: Hackers breached ESET’s exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to…
Sydney J. Freedberg Jr. reports: AUSA 2024 — Army undersecretary Gabe Camarillo announced here Tuesday that the service would create a secure online enclave where small businesses can work with sensitive information under the Army’s protection — a potential lifeline for smaller firms struggling to meet Pentagon cybersecurity requirements and defend themselves against high-end threats like China. Known as…
Here’s today’s reminder that it’s not just HHS OCR that entities need to be concerned about in terms of enforcement of data security requirements for health data. ASRC Federal Data Solutions LLC (AFDS), headquartered in Reston, Virginia, has agreed to resolve False Claims Act allegations in connection with a government contract related to its storage…
Marianne Kolbasuk McGee reports: A Texas-based healthcare revenue cycle management firm is notifying nearly 400,000 individuals of a hacking incident that it says originated with another third party. The incident is among a growing list of major health data breaches implicating vendors and affecting tens of millions of patients so far this year. Gryphon Healthcare…
Connor Hart reports: ADT is working with third-party cybersecurity experts and federal law enforcement to address an incident in which an outside party had illegally accessed its network, obtaining encrypted employee data. The Boca Raton, Fla., home-security company on Monday said that the outside party, which it called an unauthorized actor, was able to access…