HHS’s public breach tool added a listing today that was submitted by the Khalil Foundation (DBA Khalil Center). The center describes itself as a psychological and spiritual community wellness center advancing the professional practice of psychology rooted in Islamic principles. They are covered by HIPAA. On December 22, they notified HHS that 1153 individuals had…
Author: Dissent
Feds claims just 7% of available funds from OPM breach settlement, remainder returns to Treasury
Eric Katz reports: Current federal employees, retirees and others impacted by widespread breach of personal data maintained by the Office of Personnel Management took advantage of only a small portion of the money made available in a settlement agreement following the 2015 hack. Plaintiffs in the class action lawsuit reached a settlement in 2022 with…
No need to hack when it’s leaking: Roomster edition (1)
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…
Hacked on Christmas, DEphoto starts notifying customers, only to be attacked again
The threat actor known as 0mid16B contacted DataBreaches this morning to alert this site to a breach involving a U.K. photo business, DEphoto (DEphoto[.]biz). DEphoto is an established business for school, sports, club, and event photography. According to 0mid16B, they attacked DEphoto on December 25, and acquired the personal information of 555,952 customers, 429,597 orders…
Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….