OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
Month: January 2017
ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt
Steve Ragan reports: E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. Citing LeakedSource, Steve reports that there was an alleged extortion demand, but that has been neither confirmed nor disconfirmed by ESEA…
Los Angeles Valley College Hit By Cyber Attack, Pays Ransom
I’ve been sitting on this one for a while because it wasn’t clear if any personal info was involved. CBS had reported that Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break, but it was not known how large the breach was or its scope. Now Breitbart is reporting that…
Don’t pay the MongoDB ransom until you check to see if it’s a scam
For the past week, a number of us have been watching the explosive growth of attacks on misconfigured MongoDB installations. Victor Gevers of GDI Foundation and Niall Merrigan, a Norwegian developer, have been providing yeoman service investigating the problem, making notifications, and keeping us all apprised of their findings through their Twitter accounts. It all…
Waterly app potentially exposed up to 1 million Israelis’ details- researcher
A vulnerability in a mobile application that many Israelis use to pay their water or other municipal bills may have left 860,000 – 1,000,000 users at risk of account takeover or theft of their personal information. The Waterly app, by M.G.A.R. Ltd, allows users to sign up to pay their water bills. As part of the process, signing up creates…
VA: Former Nurse Sentenced for ID Theft and Bank Fraud
There’s an update to a case previously noted on this site. Capri M. Williams, 26, of Richmond, was sentenced today to three years in prison for identity theft and bank fraud crimes related to her stealing personal identifying information (PII) of hundreds of patients while employed at Commonwealth Primary Care (CPC), Inc., in Richmond. Williams…