On December 22, 2022 DataBreaches added MHMR Authority of Brazos Valley to our non-public breach worksheet. Based on information at that time from Hive threat actors, it appeared that the non-profit Texas mental health and substance abuse treatment provider’s files had been locked on November 5. Their listing on Hive’s leak site was a sure…
Category: Breach Incidents
School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online
Seen on WebsitePlanet: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS). In my many years as…
Attacked by Black Basta, BankCard USA paid ransom.
Marco A. De Felice of SuspectFile (aka @amvinfe) reports that BankCard USA (BUSA) recently paid the Black Basta ransomware group $50,000 ransom. But if BUSA hoped to keep the breach and payment out of the public eye, they should sit down before they read SuspectFile’s reporting, because it is going to make them sad. BankCard…
The Chattanooga Heart Institute to notify 170,450 about March “data security incident”
In May, DataBreaches dutifully noted The Chattanooga Heart Institute (CHI) on our non-public worksheets. At the time, all we knew was that Karakurt threat actors had claimed to have attacked them and to have exfiltrated 158 GB of data. There was no proof of claim offered, but Karakurt wrote: Employees and patients’ private data will…
Hawaiʻi Community College pays ransom to attackers
Law enforcement and experienced ransomware professionals generally advise victims not to pay any ransom demands. Yet the University of Hawaiʻi Community College decided that they would pay following an attack that they first disclosed on June 13. So why did they make that decision? In a statement on their website this week, they explain: After…
IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
From IBM: IBM Security today released its annual Cost of a Data Breach Report,1 showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years. Detection and escalation costs jumped 42% over this same time frame, representing the highest…