Nisa Khan reports: University of Michigan students got a scare Friday night: warnings circulating on social media about an apparent data breach leaking their U-M email addresses and passwords. On Saturday, the University of Michigan released a statement saying the information was from older “third-party data breaches, such as Chegg, Zynga, LinkedIn” where users used their student emails to sign…
Category: Breach Incidents
NY Employment Nonprofit Client Data Potentially Exposed
Rick Moriarity reports: A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs. Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s…
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
Catalin Cimpanu reports: A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a…
8 U.S. City Websites Targeted in Magecart Attacks
Lindsey O’Donnell reports: Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously…
CHI St. Luke’s Health Memorial Lufkin notifies patients of April security incident
June 22 — CHI St. Luke’s Health-Memorial Lufkin announced today that it has taken action after becoming aware of an incident that took place on April 23, 2020 in which an unapproved third party gained access to patient information. Though we have no evidence to confirm that information was actually viewed or obtained by the…
Deloitte Consulting sued in two states over unemployment portal data security issues
Last month we started seeing reports of data leaks or breaches involving state unemployment benefits application portals. We also started seeing reports of lawsuits filed as a result. Ben Szalinski reports that in Illinois, one of the nearly 32,500 applicants who had private information exposed said it was used to access her bank account. Briana…