Bob Diachenko reports: On March 8th, 2019, I identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 VivaGym job candidates and other business-related data. VivaGym is a Spanish low-cost gym franchise operating in Spain and Portugal. At the moment of the discovery, the database already had a ‘WARN’ collection,…
Category: Breach Incidents
Woman Sues Northwestern Medicine Over Alleged Insider Wrongdoing that Exposed Her Medical Information on Twitter
Suzanne Le Mignot reports: A woman at the center of a lawsuit says Northwestern Medicine Regional Medical Group did not inform her of a privacy breach of her medical records until she called after seeing the records posted on social media. Gina Graziano calls it a breach of trust and said Northwestern should have better…
Database leaks 250K legal documents, some marked ‘not designated for publication’
Catalin Cimpanu reports: A database containing 257,287 legal documents, with some marked as “not designated for publication,” was left exposed on the public internet without a password, allowing anyone to access and download a treasure trove of sensitive legal materials. The database, which was left online for roughly two weeks, contained unpublished legal documents relating…
Bitcoin Ransomware Cripples Boston Legal System for Two Weeks
P. H. Madore reports: Boston public defenders suffered a ransomware attack some weeks back but have chosen not to send the bitcoin demanded by the attacker. Instead, they decided to use back-ups to restore services. The Committee oversees public defenders in Boston. According to the Boston Globe, that decision has meant a “weekslong slowdown” that…
US Healthcare institutions are vulnerable to phishing attacks: Survey
CISOMag reports on a recent survey and report, Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions, authored by Dr. William Gordon and colleagues. Not surprisingly, the survey found that the healthcare sector was susceptible to phishing attacks. How susceptible, you wonder? William specified that when the researchers sent simulated phishing emails,…
NC: Pasquotank-Camden EMS notifies 40,000 after hacking incident
On February 25, Pasquotank-Camden Emergency Medical Service in North Carolina reported a breach to HHS that affected 20,420 patients. A notification sent to the Vermont Attorney General’s Office explained that sometime in late December, 2018, the county became aware of an unauthorized intrusion from outside of the U.S. Investigation revealed that the intruder was able…