So I meant to report on this breach last week, but when I went to their web site to see if they had any notification up, I started browsing all the Japanese and Eastern Asian art, and forgot to get back to writing up the breach report. Thanks to “Russy” who sent me a reminder…
Category: Malware
DrBenLynch.com notifies customers of payment card compromise
DrBenLynch.com is a commercial site that focuses on naturopathic research and supplements. At least I think it does. The site is down right now “for maintenance,” which seems to be this generation’s euphemism for “OK, we were hacked and we’re fixing things.” As reported to at least a few state attorneys general, DrBenLynch.com experienced a…
MO: Use BJC’s patient portal to pay your bills? Company announces possible malware breach.
Hana Muslic reports: At least 5,850 people have been alerted about a possible breach of credit card information through Barnes-Jewish Company HealthCare’s online payment portal. On Nov. 19, BJC learned information submitted through the portal could have been intercepted through the use of a malicious computer software that had been installed on their website, a…
GA: Mind & Motion notifies 16,000 after ransomware attack
One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia. Mind & Motion offers various types of therapeutic modalities. On September 30th, 2018, they discovered that their server had been attacked with ransomware. In a notification to patients, they write: We have…
Ticketmaster tells customer it’s not at fault for site’s Magecart malware pwnage
From the maybe-if-we-just-say-it’s-not-our-fault? dept, Gareth Corfield reports: Ticketmaster is telling its customers that it wasn’t to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page. In a letter to Reg reader Mark, lawyers for the controversy-struck event ticket sales website said that Ticketmaster “is…
Over 40,000 credentials for government portals found online
Catalin Cimpanu reports: A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums. Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team…