Breach Incidents – Page 156

LAPSUS and the Terrible, Horrible, No Good, Very Bad Ransom Day¹ (UPDATED)

Posted on February 27, 2022September 16, 2024 by Dissent

First they thought their victim hacked them back. Then they appeared to be trolled by a “negotiator” who wasn’t. I don’t know if the Brazilian threat actors who call themselves LAPSUS felt like moving to Australia after a bad day at the ransom office yesterday, but their attack on Nvidia and the aftermath seemed somewhat……

NZ technology company hacked, data stolen

Posted on February 25, 2022 by Dissent

Andrew Macfarlane reports: iTCo, which is based in Rotorua, says it was the subject of a ransomware cyberattack in early February. Those responsible are claiming to have stolen more than 4 gigabytes of data. Note: this is not the same firm that Hive threat actors named on their site, which is ITSinfocom.com. This firm is…

One year later, Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident

Posted on February 22, 2022 by Dissent

A notification letter template that showed up on the California Attorney General’s site this week is dated “February 19, 2021.” I assume the 2021 is a typo based on the rest of the letter. The letter from Orthopedic Associates of Hawaii (OAH) begins (emphasis added by this site): Orthopedic Associates of Hawaii, All Access Ortho…

OKC Police rape kit info exposed in data breach of DNA contractor

Posted on February 20, 2022 by Dissent

Brett Dickerson reports: Victims of past sexual assault who had their DNA collected in a rape kit by the Oklahoma City Police Department now face yet more uncertainty because of a data breach. Rape kits are used to collect DNA evidence by law enforcement agencies for sexual assault investigations. Saturday, those who had their DNA…

QRS Data Breach Exposed Psych Care Consultants Patient Information – Class Action Allegations

Posted on February 18, 2022 by Dissent

DataBreaches.net does not report on most potential class action lawsuits because many of them will not survive motions to dismiss. This case, however, is a bit more interesting to me because it involves sensitive mental health data, ransomware, leaked data, and claims about inadequate monitoring of a business associate. The case is K.L. v. Psych…

National Math and Science Initiative notifies more than 190,000 of data security incident

Posted on February 13, 2022 by Dissent

The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization whose mission is to improve U.S. student performance in the subjects of science, technology, engineering, and math. According to their notification letter, on or about October 13, 2021, their AV software triggered an alert. Through the resulting investigation, NMSI determined…