Healthplex, Inc. in New York provides dental insurance plans. On November 24, 2021, an employee reportedly fell for a phishing attempt. As a result, the insurer notified 76,262 of their insured members whose personal information may have been impacted. They do not make clear whether their investigation confirmed access and exfiltration or just access, so…
Author: Dissent
Illuminate Education Breach Notice
New York State Education Department has addressed the Illuminate data breach in a notice on the state’s site that advises school districts that they must make their best effort to contact all students, including former students for whom they have addresses. They are also advising districts to keep records of who they notified and who…
Iran says it thwarted largescale cyberattack on country’s infrastructure
The Jerusalem Post reports: The Iranian “AFTA” presidential strategic management center thwarted a widespread cyber attack on the country’s infrastructure in recent days, according to Iranian state TV IRIB. According to AFTA, the cyberattackers planned to exploit a security gap in one of the softwares most widely used by infrastructure organizations in Iran. The center…
Ransomware attacks are hitting universities hard, and they are feeling the pressure
Danny Palmer reports: Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector. The warning comes from Jisc, a not-for-profit organisation that provides network and IT services to higher education and research institutions. Jisc’s ‘Cyber Impact 2022’ report suggests there’s an increased threat of ransomware attacks against education. Read…
FBI: BlackCat ransomware scratched 60-plus orgs
Jessica Lyons Hardcastle reports: IN BRIEF The BlackCat ransomware gang, said to be the first-known ransomware group to successfully break into networks with Rust-written malware, has attacked at least 60 organizations globally as of March, according to the FBI. BlackCat, also known as ALPHV, is a relatively new group of cybercriminals that operates a Windows ransomware-as-a-service….
Silent no more: Exposing a campaign that intimidated researchers and journalists
On April 20, DataBreaches.net reported that a threat actor contacted this site to say that a researcher, @ido_cohen2, had been scared off the internet after the threat actor’s colleague(s) used a fake Emergency Data Request (EDR) to obtain the researcher’s account information from Twitter. DataBreaches could see that @ido_cohen2’s Twitter account had been deleted and…