In 2017, fashion retailer Forever 21 experienced a malware attack on its card payment system that compromised customers’ payment cards. The breach was an embarrassment on a number of levels because the attacker had access to their system for about 7 months, and Forever 21 did not seem to have discovered the breach on their…
Category: Breach Incidents
Developing: Hospital Sisters Health System and Prevea Health hit by cyberattack
Yesterday, DataBreaches received a phone call from an employee at St. Vincent Hospital in Green Bay, Wisconsin. The employee was asking if we knew anything about a cyberattack on Hospital Sisters Health System (HSHS) and stated that everything had been down for two days but the employees were not really being given information other than…
El Salvadoran database raises questions of possible political intrigue
A database listed for sale on a popular hacking forum may raise some political questions for El Salvadorans. On August 16, a listing offered 114GB of files with facial photos and 5.1 million records with El Salvadorans’ “full name, dui, date of birth, address, telephone, email and hd photo of the face.” DataBreaches was contacted…
Two more attacks involving sensitive data: a plastic surgery center in Brazil and a psychiatric hospital in Lithuania
Although it’s impossible for DataBreaches to really monitor for attacks on medical entities around the world, here are two non-U.S. ones recently spotted that both involve sensitive data. Plastic Surgery Practice in Brazil This week, DataBreaches spotted a listing for data from a Brazilian plastic surgery practice. The seller, who calls himself “TheSnake,” claims to…
IL: Morris Hospital discloses breach that Royal claimed responsibility for in May; notifies 248,943
Morris Hospital & Healthcare Centers (Morris Hospital) has issued a notification concerning a cybersecurity incident they discovered on April 4. The incident affects current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries. According to their explanation, their forensic investigation determined that “just prior to the incident,” data…
IN: Cummins Behavioral Health Systems discovers cyberattack when it finds ransom note
Sometime between Feb. 2 and March 9 of this year, Cummins Behavioral Health Systems (CBHS) in Indiana became a victim of a cyberattack. CBHS is a private not-for-profit organization providing behavioral health services in Boone, Hendricks, Marion, Montgomery, Putnam, and surrounding counties in Central and West Central Indiana. It provides care to persons of all…