Zack Whittaker reports: A security flaw on the Florida Department of Revenue website exposed at least hundreds of taxpayers’ Social Security numbers and bank account numbers, a security researcher found. Kamran Mohsin said the security flaw — now fixed — allowed him, or anyone else who was logged in to the state’s business tax registration website,…
Author: Dissent
‘We weren’t ready’ — Inside St. Michael Medical Center during October cyberattack outages
Nathan Pilling reports: In early October, a fresh batch of troubles arrived at St. Michael Medical Center. They would first be linked to an “IT security incident.” It would eventually be acknowledged by the hospital’s parent organization, CommonSpirit Health – one of the largest nonprofit health care systems in the country – that the group…
‘Cybersecurity incident’ hits San Diego Unified computer network
Not much in the way of details but City News reports: The offices of San Diego Unified School District have experienced a computer-network security breach, SDUSD officials disclosed this week. District Superintendent Lamont Jackson on Thursday sent a letter to his staff and families of students attending SDUSD campuses to apprise them of what he…
DHS Cyber Safety Review Board to Conduct Second Review on Lapsus$
Press release from the U.S. Department of Homeland Security (DHS): WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a…
In: Hackers Selling Personal Data Of 150,000 Patients From a Tamil Nadu Hospital in Supply-Chain Attack
Bharat Sharma reports: After a cyberattack on AIIMS knocked out its servers, a threat actor is selling medical records of patients of a Tamil Nadu-based multispecialty hospital. A report released by CloudSEK claims that patient data of Sree Saran Medical Centre is on sale by a threat actor. On November 22, 2022, CloudSEK discovered a post…
Australia will now fine firms up to AU$50 million for data breaches
Bill Toulas reports: The Australian parliament has approved a bill to amend the country’s privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. The financial penalty introduced by the new bill is set to whichever is greater: AU$50 million Three times the value of…