Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
Category: Breach Incidents
NH DHHS commissioner apologizes to families receiving breach notifications for deceased relatives
AP reports that New Hampshire’s health commissioner is offering an extra apology as his agency deals with a data breach that led to personal information of up to 15,000 people being posted online. The extra apology follows recent media coverage describing the emotional reaction of a woman who received a letter addressed to her son…
Customer records from used car dealership found dumped in Detroit’s Brightmoor area
If you were a customer of Get Fresh Auto in Detroit, you may want to read a report by Randy Wimbley for Fox2. Contacted after a watchdog found customer information just dumped on a debris-littered street, the used car dealership’s owner’s responses to the reporter’s questions about how the papers wound up there reminded me of Sgt. Schultz in Hogan’s Heroes. “As soon…
Topps’ payment card breach was just its latest data security incident
A number of sites have now reported on Topps‘ recent disclosure that on October 12, it became aware of unauthorized access to payment card information for customers using the topps.com website between July 30 and October 12. A copy of the sports card and memorabilia giant’s notification can be found on several state regulators’ sites but not, it seems…
Insurance company loses 850 Ohio customers’ personal information in the mail
WCPO reports: Health insurance giant Aetna announced Friday that a CD containing 850 Ohio customers’ personal information, including names, addresses, phone numbers and some Social Security numbers, was lost in the mail in September. According to a news release from the company, Aetna Signature Administrators had mailed the CD containing member information to another office…
Hit by ransomware, Brandywine Pediatrics recovers quickly and notifies patients
Add Delaware-based Brandywine Pediatrics, P.A. to our growing list of healthcare entities hit by ransomware. The practice notified patients on December 23 that on October 25, they had discovered that their file server was inaccessible due to a computer virus. They did not indicate what type of ransomware was involved. Brandywine reports that were able…