Ouch. This isn’t a W-2 phishing attack, but in some ways, it seems even worse. Carmel Unified School District notified employees that a successful phishing attack had gained access to an employee’s email account that had “a limited number of documents.” Those documents may have contained employees’ or dependents’ information: Employee social security numbers Spouses’…
Month: March 2019
Maffi Clinic notifies 10,465 after ransomware incident
On September 11, 2018, Maffi Clinics in Arizona joined the ranks of those attacked by ransomware. From their notification letter (see below), it appears that the clinic was prepared and quickly implemented their incident response plan. The consulting firm promptly identified the unauthorized access point and terminated it; isolated and removed the ransomware; and restored…
Delaware Guidance Services notifies 50,000 parents and guardians after ransomware incident
On February 26, Delaware Guidance Services for Children and Youth, Inc. (“DGS”) sent a letter to parents and guardians of their young patients. The letter explained that on December 25, 2018, DGS had become the victim of a ransomware attack that had locked up the patient records. Those records contained personal information, such as name,…
Pharmacy benefits management vendor discloses ransomware incident
Direct Scripts, a pharmacy benefit management service provider in Ohio, recently notified more than 9,300 patients after discovering that they had been the victim of a ransomware attack. Direct Scripts became aware of the attack on January 30, and immediately launched an investigation to determine what had happened and if any patient protected health information…
Businesses lag on data breach response times
I’ve recently commented a few times on delays to notification in the healthcare sector. Out-Law.com has a piece on data breach response times in the U.K. that provides some useful comparisons. Businesses in the UK took an average of 21 days to report personal data breaches they had identified to the Information Commissioner’s Office (ICO)…
Airline e-ticket systems’ vulnerabilities could compromise PII to hackers
Anthony Kimery reports: Eight airline’s e-ticketing systems can expose passengers’ Personally Identifiable Information (PII) throuvgh a vulnerability using website links that are “easily intercepted by hackers,” according to Wandera, an enterprise mobile security and data management solutions company, in a recent report. “All of the major airlines that we identified are putting passenger data at…