The Vice Society added more schools to their “partners” leak site yesterday. One of them is the Mars Area School District in Pennsylvania. According to niche.com, MASD is a k-12 district with 3,334 students. In a notice posted on the district’s website on October 3, Superintendent Gross described the progress the district was making in…
Author: Dissent
Aesthetic Dermatology Associates notifies patients of breach, but data already leaking on dark web
If you say you are going to provide details of an incident, then DataBreaches believes that you should provide important details — like the fact that patient data has been leaked on the dark web. Here’s another incident notice where there is no mention of that. From Aesthetic Dermatology Associates‘ press release: What Happened? On…
Doctor Admits Criminal HIPAA Scheme for Wrongful Disclosure of Protected Patient Health Information to Pharmaceutical Sales Representative
CAMDEN, N.J. – A former physician with medical practices in New Jersey, New York, and Florida admitted wrongfully disclosing patients’ protected personal health information, Attorney for the United States Vikas Khanna announced. Frank Alario, 65, of Delray Beach, Florida, pleaded guilty before Judge Robert B. Kugler to conspiring to wrongfully disclose patients’ individually identifiable health…
Does your risk assessment include drone-delivered exploits?
Greg Linares tweeted a thought-provoking thread that is reminder that what we speculated about in one year comes to pass in another year. His thread begins: This will be a thread discussing a real world breach involving a drone delivered exploit system that occurred this summer Some details I am not able to discuss, however…
US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet
Jai Vijayan reports: Hot on the heels of attacks against US state government websites, pro-Russian threat group Killnet on Monday disrupted the websites of multiple US airports in a series of distributed denial-of-service (DDoS) attacks. It also called on similarly aligned groups and individuals to carry out DDoS attacks on other US infrastructure targets, in…
PG&E was publicly exposing partial SSN information of US consumers through its use of Experian Identity Verification questions.
Somehow I missed this one but it’s so significant that even though I am late with linking to it, I hope to make more people aware of it. @Lucky225 writes: I recently discovered PG&E will let you sign up for electricity online without providing your SSN. Their website offered an option for “Alternate Identification”, so…