NEW YORK – New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies. Attorney General James released a “Business Guide for Credential Stuffing Attacks” that details the attacks — which involve repeated, automated attempts to access online…
Category: U.S.
UScellular discloses data breach after billing system hack
Segiu Gatlan reports: UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company’s billing system was hacked in December 2021. The mobile carrier said in data breach notification letters sent to 405 impacted individuals that the attackers also ported some of the affected customers’ numbers using personal information stolen…
Fired University of Utah researcher exposes breaches in student data
Chris Jones and Nadia Pflaum of KUTV report: Dr. Judith Zimmerman knew she was fired for doing the right thing. She was the lead investigator on a research project on autism in children, which she spearheaded at the Utah Department of Health. She brought that project, and a very sensitive database of data, to the…
Morgan Stanley to pay $60 million to resolve data security lawsuit
Jonathan Stempel reports: Morgan Stanley agreed to pay $60 million to settle a lawsuit by customers who said the Wall Street bank exposed their personal data when it twice failed to properly retire some of its older information technology. A preliminary settlement of the proposed class action on behalf of about 15 million customers was…
Out with the old, in with the new? Saltzer Health, Broward Health report data breaches impacting protected health information
Saltzer Health, Idaho As 2021 wound down, Saltzer Health in Idaho reported a breach it had discovered on June 1. According to their notification, an employee’s email account had been compromised. Investigation showed the access began on May 25. On December 29, Saltzer issued a notice that disclosed the incident and reported that the types…
UVA Health notified patients after Ciox Health data breach (updated)
Someone on Twitter asked me what the first breach of 2022 would be. The following public notice is not the first breach of 2022. It is a 2021 breach that just showed up after midnight in my news search this morning. And because it involves a third-party breach, we may see other covered entities affected,…