East River Medical Imaging recently sent out notices to 605,809 patients concerning a breach in September. According to a patient notice posted on its website, on September 20, 2023, the New York medical practice identified suspicious activity within its IT network. We immediately initiated our incident response process, began an investigation with the assistance of…
Category: Breach Incidents
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
Kevin Beaumont writes: How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance owns Ongoing Operations LLC, and provides a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp platform was not patched for CitrixBleed, as no Netscaler…
On September 2nd, the U.S. branch of Great Star Industrial Co. disbursed a ransom of 1 million dollars to a ransomware group
Over at SuspectFile, Marco A. De Felice writes: We are in the early days of last September when the American division of the Chinese multinational Hangzhou Great Star Industrial Co., Ltd (Great Star), in order to avoid the publication of administrative and company secrets documents, decided to negotiate with the Akira ransomware group and pay…
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University)
Yet another notification letter provides an example of why we need legislation requiring more transparency in disclosures. A DataBreaches.net OpEd. Background: The Bluefield University Breach On May 2, DataBreaches reported a cyberattack involving Bluefield University in Virginia that had first been reported by WVVA. The local media had reported that on May 1, Bluefield had…
If you’re in Rock County, Wisconsin, do NOT read this post. Absolutely do not read this post.
If you’re in Rock County, Wisconsin, it seems your Information Technology Director and Corporation Counsel do not want you to know certain things about the September ransomware attack — even though people in the rest of the country may already know what they have decided not to tell you. They didn’t even tell your own…
PA: Great Valley School District Falls Victim to Ransomware Attack
As DataBreaches noted yesterday on infosec.exchange, the Medusa ransomware gang claims to have hit Great Valley School District in Pennsylvania. They provide a filetree showing a lot of Skyward, Canvas, PowerSchool, and other internal files, as well as 20+ screencaps of student info and employee info files to support their claim. They are demanding $600k…