HHS announced another settlement today. This one stemmed from a 2011 incident that was previously covered on this site. Once again, the take-home message is that you need to do a risk assessment, and you need a risk management plan commensurate with your risk assessment. In this case, there was no prior risk assessment, and…
Category: Phishing
Phishing scam diverts more than $40K from Denver Public Schools
Michael Konopasek reports: A computer hacking scam has made $40,000 of direct deposit money for Denver Public Schools employees disappear. Internet thieves are suspected of stealing the funds that were intended to pay the school district staff. Read more on Fox31. Sadly, it appears that despite the district’s training/awareness efforts, at least 30 employees fell…
Virginia Adds Notification Requirements for Payroll Incidents to Breach Law
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston & Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…
Washington University School of Medicine hit by phishing attack, patient info may have been accessed
KSDK reports: A third party may have gained unauthorized access to patient information — including names, birth dates and social security numbers — after a phishing attack at Washington University’s medical school. A post on the Washington University School of Medicine website said an employee fell for a phishing email designed to look like an official request…
Coastal Carolina University works to recover money stolen in phishing scam
Lisa Gresci reports: Coastal Carolina University continues to work to recover money that was stolen from the college in a phishing scam. A release from CCU stated an individual who claimed to represent a company under contract with the university contacted its financial services via email and requested to change the company’s bank account information….
Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies
Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies…