The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained access to the firm’s system and exfiltrated 523 clients’ personal information, including sexual abuse details. On their dark web leak site, the threat actors claimed to have exfiltrated 415.63 GB of sexual harassment…
Category: Breach Incidents
Grace Lutheran Communities attacked by BlackCat; employee and resident data acquired
Grace Lutheran Foundation, which does business as Grace Lutheran Communities in Wisconsin, offers a variety of services including rehabilitation services, assisted living, skilled nursing, independent living, adult day services, and childcare. On February 9, they posted a notice about a data breach they discovered on January 22, 2024. They emphasized that there was no indication…
Update to the Tic Hosting Solutions data incident
On April 30, 2023, DataBreaches reported an alleged data breach involving TorchByte (formerly known as Tic Hosting Solutions). At the time, DataBreaches had been unable to reach the firm, and the Romanian data protection authority informed DataBreaches that they had received no report from them of any breach. But the screenshots provided to this site…
Updating: Prince George’s County Public Schools breach affected almost 100,000
In August 2023, Prince George’s County Public Schools disclosed a cyberattack. At the time, they reported that “an estimated 4,500 user accounts out of 180,000 were impacted, primarily staff accounts. The school system is still assessing the full scope of this incident, but as of this time, the main business and student information systems –…
Update on INTEGRIS Health data breach: incident response criticized by patients
In December, INTEGRIS Health disclosed a cyberattack in November in which threat actors contacted patients directly to extort them when INTEGRIS wouldn’t pay their demands. DataBreaches subsequently reported additional details. On February 6, INTEGRIS updated its breach notice. The updated website notice incorporates the kind of language that advocates for transparency and data protection may…
Insurance provider for public servants abroad detects ‘cybersecurity incident’
Safiyah Marhnouj reports: The insurance provider for members of the Public Service Health Care Plan who are posted abroad or travelling says it recently detected a “cybersecurity incident” involving its systems, but hasn’t determined what information may have been accessed. MSH International Canada said it detected the incident on Feb. 9., and immediately paused services. Law enforcement was…