UPDATE April 11: I have received no further information from Boston U., or any response from the individual who had claimed to have hacked them, but I noticed that the paste was deleted from siph0n.in where I had seen it – and on the same day that I reported it here. A cached copy was still available…
Category: Breach Incidents
Turkish Citizenship Database Leak (Update 2)
Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure? Seen online after a subsequently deleted tweet called attention to it: This paste with a link to a 6.6 GB file, purportedly containing clear-text information on 49,611,709 Turkish citizens, including the following details: National Identifier (TC Kimlik…
Vulnerabilities in a Third-Party Healthcare Payment Processor
Randy Westergren looked into Christiana Care’s online payment portal, which involves a third-party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings. You can read his write-up of it all on his site. So here’s the thing: how many people may have actually exploited the vulnerability…
Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector
A grand jury in the Southern District of New York indicted seven Iranian individuals who were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, on computer hacking charges related to their involvement in an extensive campaign…
NY: Treasure trove of Grand Street Medical Associates patient data exposed and indexed
Grand Street Medical Associates is a multi-disciplinary practice in Kingston, New York. At some point, what appears to be a vast amount of their patients’ protected health information was left exposed on an unsecured FTP server. The leak was discovered by a security researcher, who notified GSMA and then contacted DataBreaches.net on March 12. According…
Missing mental health assessments result in HIPAA notifications by VA to 373 veterans
I was skimming the Veterans Administration report to Congress on data breaches and incidents for February and thinking, “Hey, this looks pretty good this month,” and then…. I saw an incident involving the VA Midwest Health Care Network in St. Cloud, Minnesota. On February 9, a staff member conducted group meetings to complete a paper packet with…