On Aug. 15, 2022, a federal court in the Central District of California entered an order authorizing the IRS to serve a John Doe summons on SFOX, a cryptocurrency prime dealer headquartered in Los Angeles, California, seeking information about U.S. taxpayers who conducted at least the equivalent of $20,000 in transactions in cryptocurrency between 2016…
Author: Dissent
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Atlantic Dialysis Management Services notifies patients of data security incident
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022, Atlantic…
Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack. The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s public…
Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Simon Sharwood reports: Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their fellow…
U.K.: South Staffordshire Water says it was target of cyber attack as criminals bungle extortion attempt
It is not unheard of for ransomware groups to publicly misidentify their victims. We saw such errors from the outset of groups publicly naming and shaming victims and leaking data. DataBreaches reported on a few such cases involving Maze and has reported on other misidentifications in other groups since then. DataBreaches has occasionally contacted threat…