Salvador Rizzo reports: A former IRS contractor who leaked a slew of confidential tax records filed by the wealthiest Americans, including those of President Donald Trump, was sentenced Monday to the maximum of five years in prison. Charles Littlejohn pleaded guilty last year to one count of unauthorized disclosure of income tax returns. Littlejohn, 38, admitted that he…
Category: Breach Incidents
Washington State Appeals Court to hear data breach lawsuit against Chelan Douglas Health District
KPQ reports: The Washington Appeals Court will hear a case from two people suing Chelan Douglas Health District over a security breach. The Health District reported a breach in July of 2021 but did not inform possible victims or the public until March 2022. The district said Social Security numbers, dates of birth or death,…
University of Twente Maps Decision-Making Process for Ransomware Victims
The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
Primary Health & Wellness Center, LLC’s public notice of ransomware incident
In the process of researching breach reports submitted to HHS, DataBreaches came across a public notice for an incident affecting Primary Health & Wellness Center, LLC in Maryland. The covered entity is to be commended for the details and transparency in their notice, although they do not name the threat actor/group involved or any details…
CISA pushes federal agencies to patch Citrix RCE within a week
Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack…
HMSA member data possibly compromised after data breach
Emily Cervantes reports: Hawaii Medical Service Administration employee information may be compromised after their vendor partner fell victim to a cyber attack. In early Sept. 2023, HMSA’s health management service vendor, Navvis, announced they experienced a data privacy event that compromised the personal and protected health information for former and current employees. Navvis immediately launched…