Sergiu Gatlan reports: Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. ConnectOnCall is a telehealth platform and after-hours on-call answering service with automated patient call tracking for healthcare providers. “On…
Author: Dissent
CISA orders federal agencies to secure Microsoft cloud systems after ‘recent’ intrusions
Jonathan Greig reports: Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure…
A positive example of forthright breach disclosure (1)
Update: The notification DataBreaches read is not what was sent out to affected consumers. That one can be found on pages 3 and 4 of the embedded file. The consumer version is not as detailed as the disclosure I have raved about. But do read about the one they sent New Hampshire that was excellent….
Securities and Exchange Commission Settles Charges Against Flagstar for Misleading Investors About Citrix Data Breach
ADMINISTRATIVE PROCEEDING File No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading…
Granite School District breach worse than the district has revealed — former employee (1)
Some former employees of Granite School District in Utah are reporting frustration and anger with the district’s incident response to an attack by the Rhysida group. One has written up what he found when he examined the publicly leaked data. On September 20, 2024, Granite became aware of suspicious activity on its network. An investigation…
Sensitive data leaked after Namibia ransomware hack
BBC reports: Namibia’s state-owned telecoms company has fallen victim to what is known as a ransomware attack resulting in the leak of sensitive customer data, including reportedly information about top government officials. Telecom Namibia said the data had been released after it refused to engage with a group of hackers known as Hunters International. […]…