Add Sugarland, Texas to any list you are keeping of Click2Gov breach victims. As with other entities in the second wave of attacks, those residents who used the payment portal to make one-time payments seem to have fallen prey to the attackers. And as with a number of other CentralSquare Technologies Click2Gov customers, Sugarland will…
Category: Breach Incidents
Unsecured backup devices continue to be a hot mess
After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…
On the notification warpath, Friday edition
In 2006, I started advocating that there needs to be a law or regulation that requires businesses to have a method to receive notifications of security alerts. A number of people I respect offered explanations as to why that wasn’t a great idea. But 13 years later, I’m more convinced than ever that we need…
Months after notifying patients of a leak, Medico issues press release
In July, DataBreaches.net reported on a leak it had discovered in June. On September 17, Medico of South Carolina reported a breach to HHS that reportedly impacted 6,489 patients. On December 11, they issued a press release that appears to be related to the same incident. Medico of South Carolina “(Medico”) is a medical billing company…
How can we screw up incident response? Let me count the ways — Monday UK Edition
This week, DataBreaches.net was reminded yet again of the risks of trying to alert an entity to a breach. This time, it was not me who was threatened or any of the whitehat researchers I know. This week, it was a citizen who found patient records on the street in his town and undertook to…
It’s not just state actors going after automotive companies: “DarkSly” claims hacks of Hyundai and Jaguar/LandRover
On December 6, Catalin Cimpanu of ZDNet reported that both BMW and Hyundai had reportedly been hacked. His report was based on reporting by Von Hakan Tanriverdi and Josef Streule that had been published on both BR.de and taggeschau.de. Their report was light on details, though, and neither BMW nor Hyundai would comment. to them…