Update of August 10: Following publication of our article with a statement from Greenway Health that the attack appeared to be on a former client and not them (but it was under investigation), DataBreaches.net checked the threat actor’s leak site today and found the entire listing is gone. This could mean a number of things,…
Author: Dissent
Chanel Korea issues apology over data theft
Kim Jae-heun reports: Online thieves managed to steal customer data, including phone numbers, in a cyberattack on some data centers managed by Chanel Korea. It’s unknown whether clients affected by the data leak will take legal action against the French luxury brand’s Korean firm.In a rare move, Chanel Korea issued a public apology after disclosing…
Actively exploited bug bypasses authentication on millions of routers
Sergiu Gatlan reports: Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication….
Vision for Hope notification of data security incident
Hope started as a school in Illinois for children with disabilities, but it expanded its mission over the years. This is a notification they posted on August 3: Vision for Hope (“Hope”) recently discovered an incident that may have involved the personal information or protected health information of some of its patients or other individuals….
Long Island Jewish Forest Hills Notifies Patients Who Were Potentially Impacted by a Former Employee’s Unauthorized Access of Electronic Medical Records
QUEENS, N.Y.–(BUSINESS WIRE)–Long Island Jewish Forest Hills Hospital (“LIJFH”) today announced that it has notified patients who were potentially impacted by a former employee’s unauthorized access of electronic medical records. LIJFH has taken steps to address this matter and is offering credit monitoring to any patient who may have been affected. As background, on January…
UK: NHS Highland apologizes after data security breach
Tom Ramage reports: Letters inviting patients at NHS Highland for their second dose of Covid vaccine were produced by NHS Highland Public Health carrying information relating to other patients. A spokesperson has explained: “These letters each contain the name and address of the patient along with the date, a time slot and a location they…