Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
Category: Breach Incidents
Memorial Hermann worker accused of stealing patients’ credit card numbers to pay rent
Sophia Beausoleil reports: A Memorial Hermann employee has been suspended after he was charged with credit and debit card abuse. He’s accused of stealing patients information to pay for rent, buy food and purchase rides to work. According to Harris County court records, 26-year-old Elliott Phylow admitted to Harris County Precinct Four constables that he…
American Medical Collection Agency breach impacted 200,000 patients – Gemini Advisory
A data breach involving a medical collection agency affected more than 200,000 patients who had used the firm’s online payment portal between September, 2018 and the beginning of March, 2019. At the end of February, Gemini Advisory analysts identified a Card Not Present (CNP) database that had been posted for sale in a dark web…
San Francisco Unified School District notifies families of Buena Vista Horace Mann students about data security incident
The San Francisco Unified School District recently notified families of current and former Buena Vista Horace Mann (BVHM) students about an incident in which student data was shared with some BVHM community members. An unsigned letter dated April 22nd from the district’s department of technology described what had transpired: On April 10, 2019, an electronic…
Was WallStreet Market seized by German authorities or is this just another part of the exit scam? [UPDATE: it’s real]
Did a darkweb marketplace known as WallStreet Market wind up seized by German authorities after its moderators pulled an exit scam? Or is what may be intended to look like a seizure by German authorities just another part of the exit scam? Today’s drama on the darkweb started after what appeared to be a seizure…
Hackers Snatch and Try Unsuccessfully to Ransom Data from IT Service Provider; CityComp’s Big Clients Impacted
Joseph Cox reports: Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website…