Breach Incidents – Page 306

TX: Personal info still being discarded and dumped improperly

Posted on April 2, 2018 by Dissent

Courtney Schoenemann reports that a security analyst who goes dumpster diving in his spare time, came across a filing cabinet of account receivables from an Austin home remodeling company that had been dumped by an as-yet unnamed company: “Their routing numbers, bank account numbers, some had their driver’s license numbers on their checks. Everything you…

Oklahoma man pleads guilty to using stolen medical records for identity theft

Posted on March 28, 2018 by Dissent

KXII reports: One of two men suspected of of using stolen medical records to commit identity theft has pleaded guilty in federal court. 34-year-old Robert Bond of Thackerville pleaded guilty to conspiracy to commit wire fraud, and aggravated identity theft. Read more on KXII. The report doesn’t indicate from where the medical records were stolen,…

More details emerge on The MENTOR Network breach

Posted on March 27, 2018 by Dissent

On March 21, National Mentor Healthcare, doing business as Georgia MENTOR, announced that they were notifying patients of a data breach. A disk with protected health information mailed to them by a software provider was lost in the mail, they explained. They had reportedly discovered the loss on December 21. They did not disclose when…

“First do no harm” should be “First, secure your patient data, Doctor!”

Posted on March 26, 2018 by Dissent

When they discovered more than 42,000 patient records and millions of patient clinical notes exposed on a misconfigured rsync backup, researchers at UpGuard responsibly set out to notify the entity to secure their data. It turned out to be a Herculean task that would take almost two months and multiple entities to get the job…

How long does it take for a MongoDB to be compromised? Hint: not very long.

Posted on March 22, 2018 by Dissent

Kromtech Security has done a follow-up on reports from last year about misconfigured MongoDB installations having their data deleted and replaced by “ransom” messages. The attackers were having a field day back then, but what is happening now? So Kromtech decided to employ a honeypot. It went live on March 1, 2018. And here’s what happened…

San Diego City Attorney announces lawsuit against Experian over massive data breach

Posted on March 22, 2018 by Dissent

At first I thought the headline had a typo and that they meant to name Equifax, but they do, indeed, mean Experian. This suit goes back to an incident previously covered on this site that involved Experian acquiring a company, Court Ventures, that had access to another company’s, InfoSearch’s database…. and a bad actor named…