So after HaveIBeenPwned started notifying users of a MoDaCo breach, and users started complaining on MoDaCo’s forum as to why they hadn’t been informed of the breach by MoDaCo and would MoDaCo please delete their accounts, MoDaCo issued the following statement: Earlier today a number of users contacted us to inform us that data breach tracking…
Month: September 2016
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
CORRECTION: The massive hack that wasn’t
UPDATE 9-21-2016 Over the past two days, DataBreaches.net provided the First Bank of Ohio with samples from two files that “Fear” claimed were from them. They have firmly denied that either file is theirs: These have nothing to do with us. The second group are businesses that are applying for liquor licenses in Ohio. The…
OK: Saint Francis Investigating Hack by Seeming TDO Copycats
Well, Saint Francis Health System ignored multiple inquiries from me about the alleged hack I reported on recently, but now they’ve apparently issued a statement. Amy Slanchik of Newson6 in Oklahoma reports, in part: Roberts said after working with forensics investigators, they discovered the information taken from the server appears to be a list of about…
Guilty Plea of Krystle Steed for Taking Over Hospital Patients’ Bank Accounts
There’s a follow-up on a case previously noted on this site in December of 2015. Here’s the new press release: Manhattan District Attorney Cyrus R. Vance, Jr., today announced the guilty plea of KRYSTLE STEED, 31, for using personal information stolen from patients of Lenox Hill Hospital to take over victims’ bank accounts and place…
Nearly 800,000 FTP Servers Accessible Online Without Authentication
Catalin Cimpanu reports: A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials. The perpetrator of this scan is a security researcher that goes by the name of Minxomat, owner of a cyber-security firm that performs these types of…