Josh Renaud reports: Documents containing Social Security numbers and other private information for thousands of Missourians are accessible to anyone using the Casenet website, the state’s judicial records system, the Post-Dispatch recently discovered. Missouri Supreme Court officials have acknowledged the issue after being alerted by the Post-Dispatch, and they fixed one vulnerability on Casenet. But…
Category: U.S.
Some ‘sensitive information’ potentially compromised: Diocese of Las Vegas reports cybersecurity breach
Alyssa Roberts reports: The Diocese of Las Vegas on Friday announced a cybersecurity breach that potentially compromised “sensitive information of its volunteers, parishioners, donors and other stakeholders,” a news release states. A spokesperson noted there was “no indication that personal information has been misused,” but said the Diocese would notify those who may have been…
United HealthCare reports a data breach that may have revealed the customer’s personal information
The CBS reports: United HealthCare made customers aware of a data breach on Friday, which temporarily allowed access to personal information for those enrolled in the company’s healthcare plans. According to a statement, “suspicious activity” was noticed on the UHC mobile application “that may have led to the disclosure of member information.” The company says…
Many Public Salesforce Sites are Leaking Private Data
Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…
Emmanuel College working to recover from attack that claims faculty and student data stolen
Emmanuel College in Boston appears to have become a victim of Avos Locker. The college was added to the threat actor’s leak site yesterday, with a note saying, “Oh no! 140GB student and staff confidential data exfiltrated. If you value protecting students, pay us instead of shutting down domains.” Although there is no notice on…
BakerHostetler’s 9th annual Data Security Incident Response Report
BakerHostetler’s annual report is out, and as always, it is a great read because it provides statistics and analysis of the more than 1,100 data breach incidents the law firm handled in 2022. Ted Kobus provides a bit of the history of the firm’s Digital Assets and Management Group. Here’s just one graphic from the…