Andrew Macfarlane reports: iTCo, which is based in Rotorua, says it was the subject of a ransomware cyberattack in early February. Those responsible are claiming to have stolen more than 4 gigabytes of data. Note: this is not the same firm that Hive threat actors named on their site, which is ITSinfocom.com. This firm is…
Category: Breach Incidents
One year later, Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident
A notification letter template that showed up on the California Attorney General’s site this week is dated “February 19, 2021.” I assume the 2021 is a typo based on the rest of the letter. The letter from Orthopedic Associates of Hawaii (OAH) begins (emphasis added by this site): Orthopedic Associates of Hawaii, All Access Ortho…
OKC Police rape kit info exposed in data breach of DNA contractor
Brett Dickerson reports: Victims of past sexual assault who had their DNA collected in a rape kit by the Oklahoma City Police Department now face yet more uncertainty because of a data breach. Rape kits are used to collect DNA evidence by law enforcement agencies for sexual assault investigations. Saturday, those who had their DNA…
QRS Data Breach Exposed Psych Care Consultants Patient Information – Class Action Allegations
DataBreaches.net does not report on most potential class action lawsuits because many of them will not survive motions to dismiss. This case, however, is a bit more interesting to me because it involves sensitive mental health data, ransomware, leaked data, and claims about inadequate monitoring of a business associate. The case is K.L. v. Psych…
National Math and Science Initiative notifies more than 190,000 of data security incident
The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization whose mission is to improve U.S. student performance in the subjects of science, technology, engineering, and math. According to their notification letter, on or about October 13, 2021, their AV software triggered an alert. Through the resulting investigation, NMSI determined…
FL: Comprehensive Health Services discloses breach first detected this past September
Update: This incident was subsequently reported to the Maine Attorney General’s Office on February 15 as impacting a total of 94,449 people. Original post: In January, DataBreaches.net noted a report to the Massachusetts Attorney General’s Office that involved Comprehensive Health Services (CHS), a business associate providing occupational health services to clients’ employees. The breach was…