Jim Bronskill reports: The RCMP lost a USB key containing personal information about victims, witnesses and informants, and later learned it was being offered for sale by criminals, the federal privacy watchdog says. A detailed report from the Office of the Privacy Commissioner of Canada reveals the RCMP told the watchdog about the breach in March…
Category: Breach Incidents
Resource: Insider Threat reports
On a daily or weekly basis, DataBreaches highlights insider wrongdoing incidents and the harm they can cause. For more comprehensive compilation and analysis of the topic, readers may be interested in the Insider Threat Incidents For May 2025 report produced by the National Insider Threat Special Interest Group and Insider Threat Defense Group. Their previous…
Data breach of patient info ends in firing of Miami hospital employee
Michelle Marchante provides today’s reminder of the insider threat: More than 2,000 patients at Jackson Health System had their personal data, including names, address and medical information, accessed in a lengthy breach that spanned nearly five years. The data breach was conducted by a Jackson employee who accessed the information to promote a personal healthcare…
CISA Alert: Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June…
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
U.S. Dermatology Partners, which has over 100 locations across eight states, recently posted a notice of a data security incident on its website. As stated in their notice: On June 19, 2024, USDP experienced a network disruption. Upon detecting the incident, we quickly took steps to secure our network, immediately initiated our incident response processes…
When ransomware listings create confusion as to who the victim was (1)
When a ransomware gang names one target but links to another target or posts a description of a different target, journalists and researchers may understandably be left wondering who was attacked. If the threat actors have posted proof of claims, it may be possible to figure out who the target was, but with no proof…