Gareth Corfield reports: The Telegraph newspaper managed to leak 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online. The blunder was uncovered by well-known security researcher Bob Diachenko, who said that the cluster had been freely accessible “without a…
Author: Dissent
IL: OSF Healthcare discloses ransomware incident
In May, 2021, DataBreaches.net sent an email inquiry to OSF Healthcare in Illinois after seeing that threat actors known as Xing Team claimed to have attacked them and exfiltrated data. OSF Healthcare never responded to the inquiry. In June, after Xing Team started dumping what appeared to be patient data, DataBreaches.net sent OSF Healthcare a…
Identity Theft Resource Center to Share Latest Data Breach Analysis With U.S. Senate Commerce Committee; Number of Data Breaches in 2021 Surpasses all of 2020
SAN DIEGO, Oct. 6, 2021 /PRNewswire-PRWeb/ — Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2021. According to the data breach analysis, the number of data breaches publicly-reported in the U.S. decreased…
Today’s reminder that small breaches may have the biggest impact
While everyone understandably raises alarms about the possible impact of a ransomware attack, let us never forget that simple, stupid, careless, willful, or just human errors can create significant safety risks for people. A foster family in Missouri is raising concerns about what may be two separate breaches that pose safety risks to them and…
It seemed that in the blink of an eye, an Indiana health system was crippled by ransomware
Leeann Doerflein reports: Johnson Memorial Health’s information technology team and the FBI are trying to get to the bottom of a weekend cyber attack that crippled the hospital’s computer network. The hackers gained access to the hospital’s network at 10:31 p.m. Friday and installed ransomware by 10:33 p.m. The hospital’s IT team discovered the attack…
English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
Steven Baker, Vishnu V. Shankar, and Julia Bihary of Proskauer write: In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for…