Jessica Davis has the somewhat predictable follow-up to a recently reported breach involving Insight Global, a contact tracing vendor for the Pennsylvania Department of Health: The Pennsylvania Department of Health and its third-party contractor Insight Global have been sued, after reports that its COVID-19 contact tracing app exposed the sensitive data of at least 72,000…
Category: U.S.
“We are apolitical” — DarkSide threat actors
By now, probably everyone has heard about the Colonial Pipeline security incident that has been linked to threat actors known as DarkSide. On April 12, this site published an email chat with DarkSide. If you missed that chat write-up, you can read it here. On May 8, after the mainstream media reported that the Colonial…
Tulsa, Oklahoma and Rensselaer Polytechnic Institute disclose ransomware incidents
No sector has been spared from ransomware incidents. In this report, we have one from the education sector and one from the government sector. Neither report specifies what type of ransomware or who the threat actors are. And neither one reports how much ransom has been demanded or whether the victim is refusing to pay….
Noblr Reciprocal Exchange to notify 97,633 consumers of breach involving insurance quote platform
The following incident sounds almost identical to the incident reported by American Family Insurance, but this report is from Noblr Reciprocal Exchange (Noblr). As with the one from American Family Insurance, if you receive a letter next week from Noblr, read it. A letter signed by Jennifer Lawrence, their Chief Legal Officer, explains, but begins…
American Family Insurance to notify 283,734 of breach linked to unemployment benefits fraud
American Family Mutual Insurance Company, S.I. (American Family) will be sending out letters on or about May 14 to people who may have — or may not have — sought an auto insurance quote from the firm using the firm’s web site. If you get a letter from them, read it carefully. A letter signed…
Fr: Eco-friendly sneaker brand Veja hacked
Damien Licata Caruso reports that Veja, a French footwear and accessories brand known for its eco-friendly sneakers, was hacked on April 26. The customer database with email addresses of customers was reportedly stolen. Machine translation: There is no banking data in the wild because we don’t store it and stolen passwords are protected by encryption,”…