Sergiu Gatlan reports: GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including…
Author: Dissent
Blue Earth County releases report on insider data breach that began in 2020
It seems like only yesterday that we were pointing to an insider-wrongdoing breach that involved people’s medical information. Oh right, it was. And here’s yet another one. Aaron Stuve reports: Blue Earth County has released information regarding a data breach from last year. The report said that an employee of the Human Services Department accessed…
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
Meanwhile, last week, AJ Vicens reported: Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday. Hawaii-based agents with Homeland Security Investigations, an arm…
Law firm says Deaconess doc viewed women’s personal, medical data without cause
John T. Martin reports on a disturbing case of insider-wrongdoing: A law firm says it has spoken with at least six women who received an apology letter in recent months from Deaconess Health System stating a physician accessed their medical records without purpose. The firm, Ladendorf Law of Indianapolis, may pursue claims on behalf of those women,…
Cyberbreach at Rideau Hall was ‘sophisticated’ intrusion, internal documents reveal
Jim Bronskill reports: Newly disclosed documents reveal the breach of an internal computer network at Rideau Hall was described to senior government officials as a “sophisticated cyber incident” in the days before the public was told of the security lapse. Internal government emails, obtained by The Canadian Press through the Access to Information Act, also…
McDonald’s is Informing its Costa Rica Customers About a Data Breach
Manikanta Immanni reports: McDonald’s faced an indirect data breach where a hacker accessed sensitive information belonging to its clients in the Costa Rica branch. The company later said that a service provider it hired has left its client data exposed, which was reportedly accessed by the hacker. […] How the hacker was able to access…