Lawrence Abrams reports: T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information. According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm…
Category: U.S.
Cornelia, Georgia hit by ransomware attack on the day after Christmas
Posted on: December 29, 2020 by the City of Cornelia: City of Cornelia Ransomware Incident The City of Cornelia is dealing with a ransomware incident that began on December 26. We have anticipated situations such as this and, out of an abundance of caution, we have taken down our network while we investigate and restore our…
EXCLUSIVE: Conti describes how they attacked Leon Medical Centers; shows DataBreaches.net almost 2 million patient-related files
I’ve always resisted any urge to write a “worst breaches of the year” piece at the beginning of December because I just know that if I do, there’s going to be something that would be on my “worst” list if only I had waited a few weeks. The Conti ransomware attack on Leon Medical Centers…
Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details
WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals,…
OR: Treasure Valley Community College notifies community members of breach after late discovery
Treasure Valley Community College (“TVCC”) has become aware of a data security incident that may have involved the personal information of certain TVCC community members. TVCC is offering complimentary credit monitoring services to them. On August 25, 2020 , TVCC learned that unauthorized access to an employee email account had by an unknown person may have exposed personal…
FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule
Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…