Samantha Hawkins reports: Excellus Health Plan Inc. will settle a data breach lawsuit with a certified class over a 2013 hacking incident that compromised the personal data of approximately 10 million policyholders. Matthew Fero, who filed the suit against Excellus and several associated healthcare companies in 2015, claims that customers’ personal identifying information, Social Security…
Category: Breach Incidents
Health startup myNurse to shut down after data breach exposed health records
Zack Whittaker reports: myNurse, a healthcare startup that provides chronic care management and remote patient monitoring services, said it will shut down at the end of the month after reporting a data breach that exposed personal health information of its users. The startup, which launched as Salusive Health, said in a data breach notice filed…
ARcare reports breach; Smile Brands updates its disclosure to 2.6 million affected
Two reports that I have been reading today: ARcare ARcare in Arkansas is notifying people whose personal and/or medical information may have been accessed or acquired in a malware incident. The malware enabled an unauthorized actor to access or acquire data between January 18, 2022 and February 24, 2022. The types of information involved included…
Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen
Lorenzo Franceschi-Bicchierai reports: On Monday, the Bored Ape Yacht Club NFT project announced that its Instagram account had been hacked in a tweet. “There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,” the group wrote. Read more at Vice. At…
New York dental insurer reports phishing incident, French hospital group hit in ransomware incident
Healthplex, Inc. in New York provides dental insurance plans. On November 24, 2021, an employee reportedly fell for a phishing attempt. As a result, the insurer notified 76,262 of their insured members whose personal information may have been impacted. They do not make clear whether their investigation confirmed access and exfiltration or just access, so…
Silent no more: Exposing a campaign that intimidated researchers and journalists
On April 20, DataBreaches.net reported that a threat actor contacted this site to say that a researcher, @ido_cohen2, had been scared off the internet after the threat actor’s colleague(s) used a fake Emergency Data Request (EDR) to obtain the researcher’s account information from Twitter. DataBreaches could see that @ido_cohen2’s Twitter account had been deleted and…