PayPal has sent breach notifications to 34,942 users this week. Their notification reads, in part: On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident,…
Category: U.S.
Mailchimp says it was hacked — again
Zack Whittaker reports: Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident. The Intuit-owned company said in an unattributed blog post that its security team detected an intruder…
MN: Mayo Clinic settles another lawsuit stemming from insider-wrongdoing
Andy Brownell reports: The Mayo Clinic has apparently settled another lawsuit stemming from a data breach by a former Mayo Clinic employee. The lawsuit was filed in November 2020 by Olga Ryabchuk and sought class-action status on behalf of the more than 1600 Mayo Clinic patients who had their medical records improperly accessed. The case was officially…
NYS Comptroller releases another school district IT audit
Frankfort-Schuyler Central School District – Information Technology Assets and Network Access (2022M-151) Released December 30, 2022 Background The District serves the Towns of Frankfort and Schuyler in Herkimer County. The District is governed by the Board of Education (Board), which is composed of seven elected members. The Board is responsible for the general management and…
WA: Therapist notifies clients after tricked by a hacker
Some breaches may be more embarrassing to admit to than others. Kudos to this therapist for forthrightly informing the Washington state attorney general what happened: I am writing to advise you of a computer data breach, which occurred from December 2 to December 4, 2022. I was contacted by a person representing himself as an…
NortonLifeLock warns that hackers breached Password Manager accounts
Bill Toulas reports: Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the…