The Office of Inadequate Security
On Wednesday, the RansomHub ransomware group added a listing for DoctorsToYou in New York to their leak site. Their listing included several screencaps that revealed personally identifiable information (PII) and protected health information (PHI). Some of the files specifically showed their name or letterhead. The listing did not indicate how many GB of data RansomHub…
Marianne Kolbasuk McGee A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records. The incident affected inmates who received medical care between January 2012 and July 2022…
Ireland Live reports: The Police Service of Northern Ireland has been fined £750,000 for an “egregious” data breach in which the personal information of staff and officers was released. The Information Commissioner’s Office (ICO) fined the organisation for the “serious” breach that left many PSNI workers fearing for their safety and said “simple-to-implement” procedures could…
For your “No need to hack if it’s leaking” files, C. J. Getting reports: Confidential student information was unintentionally leaked in Naperville Central’s School Improvement Plan, which was released publicly on Friday, Sept. 20. It was removed on Tuesday, Sept. 24 around 3:35 p.m. when Central Times staff brought the breach to the attention of…
The Express Tribune reports: A serious data breach has exposed the personal information of millions of French citizens. Cybersecurity researchers at Cybernews discovered an open Elasticsearch server containing a trove of data from at least 17 separate data breaches. This database, nicknamed “vip-v3,” held information on an estimated 95 million French individuals, representing a significant…
Several days ago, Cybernews claimed “exclusive research” that they headlined by claiming, “One-third of the US population’s background info is now public.” DataBreaches pointed out that their reporting was missing important details. DataBreaches wrote: Unfortunately, they fail to clearly report when they discovered the leak, whether or when they contacted the entity to alert them…