Liisa M. Thomas, Tracy Chau, and Kathryn Smith of SheppardMullin write: TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the incidents, threat actors gained access to customer information, including names, addresses, and features…
Category: Hack
ICO reprimands the Electoral Commission after cyber attack compromises servers
The U.K.’s Information Commissioner’s Office issued the following statement today: We have issued a reprimand to the Electoral Commission after hackers gained access to servers that contained the personal information of approximately 40 million people. In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known…
CA: Legal services vendor hacked in April, medical information acquired by hacker
Another legal services vendor discloses a breach: Compex Legal Services Inc. (“Compex”) recently discovered an incident that may have impacted the privacy of information related to certain individuals. Compex provides record retrieval and litigation support services to insurance carriers, third party administrators and law firms. As Compex continues to investigate and work toward notifying impacted…
Third-party breach resulted in Singapore Moneylenders Credit Bureau being leaked by GhostR (UPDATED)
Threat actors known as GhostR claim to have stolen more than 50 GB of files on loan borrowers from the Singapore MLCB (the Moneylenders Credit Bureau). They have offered some of the data as a leak on a popular hacking forum and provided proof of claims in the form of copies of completed loan applications:…
Kuwait Court Drops Case Against Notorious Pentagon Hacker
Asharq Al-Awsat reports: The Kuwaiti Court of Cassation upheld on Sunday the dismissal of criminal charges against a notorious Kuwaiti hacker who had infiltrated hundreds of websites around the world, including the US Department of Defense’s (Pentagon) website. The Court of Cassation, the highest judicial authority, affirmed a previous ruling by the Court of Appeals…
MNGI Digestive Health joins ranks of “late-notifiers,” finally notifying more than 767,000 patients of breach last summer
This seems to be the month in which many people affected by healthcare breaches in the summer of 2023 are first being notified individually (see, for example, reports on Southcoast Medical and Florida Community Health Centers). Here’s a third one: MNGI Digestive Health was the victim of a cyberattack on August 20, 2023. They reportedly discovered the breach…