Hunton Andrews Kurth writes: On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS”) disclosed that it had assessed a $60 million penalty against T-Mobile US, Inc. (“T-Mobile”) in connection with unauthorized data access incidents following T-Mobile’s 2020 merger (the “Merger”) with Sprint Corporation (“Sprint”). CFIUS is a U.S. government interagency…
Category: Breach Incidents
Tabb Inc. Security Gaffe Exposes 200,000 Background Check Files for More Than Six Months (2)
An unsecured backup blob exposed pre-employment background checks on approximately 200,000 people. Applicant files contained various amounts of personal and occupational information, including SSN, name, address, driver’s license, date of birth, education and employment history, and in some cases, criminal background checks. Files went back 15 years. The blob was unsecured for at least six…
Kootenai Health sends notifications for 464,088 people after February attack
More than five months after discovering an attack that disrupted access to some of its IT systems, Kootenai Health is sending notification letters to 464,088 patients, employees, and employees’ dependents. Kootenai Health describes itself as providing a comprehensive range of medical services to patients in north Idaho, eastern Washington, Montana and the Inland Northwest at…
Gramercy Surgery Center hacked; data leaked on dark web (1)
Gramercy Surgery Center (“Gramercy”) is an ambulatory surgery center with locations in Manhattan and Queens, New York. On or about July 15, the threat actor(s) known as Everest Team added Gramercy to its leak site. Everest claimed to have acquired more than 460 GB of files but offered only images of two old files as…
Senator Demands Answers About AT&T Data Breach from Company, Federal Agencies
Irvin Jackson reports: Following a massive AT&T data breach that resulted in the theft of tens of millions of customers’ phone and text messaging history, a U.S. Senator has sent a request for more information about how the breach occurred and when federal agencies learned about the problems, suggesting that cyberattack could represent a threat…
Wyatt Detention Center hit with federal lawsuit over data breach
Alexander Castro reports: A data breach at Donald W. Wyatt Detention Facility had 10 times the number of victims originally estimated last year, according to a class-action lawsuit filed last week in Rhode Island U.S. District Court. The breach occurred on Nov. 2, 2023. Four days before Christmas, the Central Falls facility publicized that the personal data of…