Diego Pérez Morales reports: The 2021 cyberattack on T-Mobile exposed sensitive information of 76 million customers, including names, addresses, and Social Security numbers. This breach led to a class-action lawsuit, culminating in a $350 million settlement in 2022. This agreement is notable as the second-largest data breach settlement in U.S. history, only surpassed by Equifax’s $700…
Category: Breach Incidents
Memo: Hamilton County data breach has gone unreported
Joan McClane reports: Hamilton County officials were notified more than 240 days ago about a data breach potentially compromising financial information for more than 14,000 people, according to an internal memo this month. According to the memo from the county attorney’s office, affected parties and the public were supposed to be notified within 60 days, but that…
Attorney General James Secures $975,000 from Auto Insurance Company over Data Breach
From a March 20 press release from NY Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today secured $975,000 in penalties from Root, an auto insurance company, for failing to protect the personal information of approximately 45,000 New Yorkers. The data breach was part of an industry-wide campaign to steal consumers’…
No need to hack when it’s leaking: OrthoMinds edition
Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…
Watsonville Community Hospital still hasn’t notified all those affected by a November data breach; employees are reporting tax refund fraud
Felix Cortez reports: Just months after Watsonville Community Hospital was hit by a cyber-attack, roughly 20 employees at the hospital now say they’re the victims of identity theft. “We heard from a few of our employees that they reported there were fraudulent tax filings in their name, so someone else had tried to file a…
What is WikiLeaksV2 doing with a ransomware gang? Spoiler alert: It’s not extortion.
As previously reported on this site, in September 2023, Cardiovascular Consultants Ltd. (CVC) in Arizona experienced a ransomware attack. In October 2023, the Qilin ransomware group added CVC to its leak site, claiming to have exfiltrated 520,961 files and 206 GB of data. And in December 2023, CVC announced the breach in a substitute notice…