There’s one more update to a 2014 breach that impacted 65,000 employees of UPMC. The civil suit by the employees settled in July, so this may be the last of the legal activity stemming from this case. PITTSBURGH, PA – Justin Sean Johnson was sentenced on Friday to the statutory maximum sentence of 60 months’…
Category: U.S.
CISA Alert (AA21-291A) BlackMatter Ransomware
Technical Details Overview First seen in July 2021, BlackMatter is ransomware-as-a-service (Raas) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based…
Student and personnel files from Manhasset Union Free School District appear on the dark web (UPDATED)
On October 7, the Manhasset Union Free School District revealed that it may have been the victim of a ransomware attack. There can no longer be any doubt that they were attacked. Over the weekend, Vice Society threat actors dumped the district’s data on their dark web leak site. Inspection of some of the files…
Popular student monitoring software could have exposed thousands to hacks
Mark Keierleber reports: A monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a September report by the security software company McAfee. The research, conducted by the McAfee Enterprise Advanced Threat Research team, discovered the…
Adult students’ SSNs from more than 60 years ago caught up in Ohio breach
One of the recurring themes in this site’s blog posts this year has been the fact that way too many entities not only store old data, but fail to secure it or protect it adequately from malware attacks or other attacks. Today’s unhappy example comes to us from Apollo Career Center (“Apollo”), an adult education…
A rough week for Missouri teachers who are notified of not one, but two separate incidents
The Public School and Education Employee Retirement Systems of Missouri has notified 349,246 employees and retirees of a security incident that occurred on September 11. According to their notification letter, an employee’s email account was accessed by an unauthorized individual for less than one hour on that date before IT disabled the account after being…