DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Failure to terminate access can be costly. Very costly.

Posted on December 3, 2024 by Dissent

Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to:

  • conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;
  • implement procedures to regularly review records of activity in information systems;
  • implement procedures to terminate former workforce members’ access to ePHI; and
  • implement procedures for establishing and modifying workforce members’ access to information systems.

That’s a costly failure to terminate access.

A Second Example

The following is a second recently disclosed example of  how failure to ensure termination of access contributed to a massive data breach. DataBreaches spotted this one in a court filing from Canada concerning Connor Riley Moucka, aka “Judische,” “Waifu,” and other monikers. The victims mentioned in the court filings refer to entities who suffered intrusions of their Snowflake instance.

On May 29, 2024, representatives from Victim-3 met with the FBI and confirmed that three categories of its information had been stolen from its cloud instance, including customer information for approximately 20 million customers, gift card information, and internal company business documents.

… Victim-3 hired an incident response company to investigate the breach and confirmed its instance had been compromised using stolen login credentials belonging to a former contractor located outside the United States. According to the incident response firm’s investigation, this former contractor’s credential was likely compromised via a credential stealer in approximately 2021 and available in cybercriminal marketplaces as early as May 2021. Stolen credentials are generally available for free and for purchase on the dark web.

Was the contractor still working for the firm in 2021 after their credentials were stolen? When did the contractor terminate employment? How often does this major retailer require all employees and contractors to reset their passwords? Does this retailer require 2FA? What procedures did this retailer have in place to terminate access for employees?

And why, oh why, did those credentials still work three years later in 2024?

How much will their failure to ensure termination of the former contractor’s access ultimately cost this retailer?

Category: Breach IncidentsBusiness SectorInsiderSubcontractorU.S.

Post navigation

← FBI, CISA say Chinese hackers are still lurking in US telecom systems
Unprecedented increase in liability for personal data leaks in the Russian Federation to take effect in May 2025 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.