Hannah Murphy reports: To pay or not to pay? For companies unfortunate enough to be hit by a ransomware attack, that is the crucial question. Ransomware attacks — in which cyber criminals lock up a victim’s data or computer system and release it only if a ransom is paid — exploded in 2020 and 2021,…
Category: Breach Incidents
Lodi Unified School District reports breach involving its Aeries application
Lodi Unified School District in California has submitted a notification template to the California Attorney General’s Office. The template letter, dated, October 31, 2022, begins: Dear [first name] [last name]: Lodi Unified School District writes to notify you of a recent incident that may impact the privacy of certain information provided to us. We take…
Healthcare provider to incarcerated people discloses breach by data security incident by claims processor
Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure occurred…
Bits ‘n Pieces (Trozos y Piezas)
New Incidents Co: Universidad Piloto de Colombia Hit by ALPHV This week, the Universidad Piloto de Colombia was added to the ALPHV (aka “BlackCat”) leak siteUniversidad Piloto de Colombia was added to the ALPHV (aka “BlackCat”) leak site this week. ALPHV claims to have 300 GB of files from students, faculty, and administration, and they…
Australian Clinical Labs says data of 223,000 people hacked
Australian Clinical Labs said on Thursday its Medlab Pathology business suffered a data breach that affected health records and credit card information of about 223,000 patients and staff. This is the latest in a series of hacks to rock corporate Australia, after the country’s biggest health insurer Medibank and No. 2 telco Optus were also…
Davenport Community Schools’ “server issues” were Karakurt issues
Months after CISA issued an alert about Karakurt, Davenport Community Schools in Iowa reported some “server issues.” On September 13, Schools Superintendent TJ Schneckloth issued a statement regarding what had been described as “server repairs” after the district went without internet for roughly a week back in September. That statement, updated on October 4, acknowledged…