DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in…
Category: U.S.
‘Fraud is fun’: Teen hacker charged with breaking into DraftKings accounts leading to theft of $600,000
Lukas I. Alpert reports: A boastful teenage hacker has been charged with orchestrating a break-in to the sports betting website DraftKings, which led to $600,000 being drained from hundreds of customer accounts. Joseph Garrison, 18, of Madison, Wis., is accused of using stolen log-in and password combinations he bought on the dark web to hack…
OH: Buckley King law firm hit by BlackBasta
Ransomware groups often promise to keep everything confidential if their victim pays them. They can’t do that if their chats are not secure and someone is able to shoulder-surf or otherwise get access to the negotiations and any files provided by the attackers as proof — or any bitcoin wallet addresses. If victims think or…
Indiana University exposes sensitive student data
Jurgita Lapienytė reports: Each year, hundreds of institutions across the US and Canada ask their first-year, transfer, and older students to participate in a survey about their prior academic and co-curricular experiences. They also ask them to share their expectations from the coming year. The survey isn’t anonymous – students are asked to enter their…
AG Platkin Co-Leads $2.5-Million Multistate Settlement with EyeMed Over 2020 Data Breach
NEWARK–Attorney General Matthew J. Platkin announced today that New Jersey is co-leading, with Oregon and Florida, an overall $2.5-million settlement with EyeMed Vision Care (“EyeMed”) that resolves an investigation into a data breach that compromised the personal and medical information of approximately 2.1 million people, including more than 52,000 from New Jersey. Pennsylvania also joined…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….