The Office of Inadequate Security
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
From the “Wait-What-Happened-Here Dept:” On October 19, the Black Suit ransomware group announced that they had attacked Rutherford County Schools in Tennessee. Their listing, posted on their dark web site, included what appears to be an indication of what data and how much data they were able to exfiltrate. It did not indicate whether they…
For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…
Eric Katz reports: Current federal employees, retirees and others impacted by widespread breach of personal data maintained by the Office of Personnel Management took advantage of only a small portion of the money made available in a settlement agreement following the 2015 hack. Plaintiffs in the class action lawsuit reached a settlement in 2022 with…
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….
Chris Riotta reports: The U.S. Department of Health and Human Services is ramping up digital efforts to protect Americans in a year that’s witnessed hackers targeting sensitive patient data and major breaches at Ascension and UnitedHealth. HHS is set to unveil a notice of proposed rulemaking requiring healthcare companies to encrypt data, conduct routine compliance…