Whitworth University may start experiencing more legal costs stemming from a ransomware attack in 2022. Kip Hill reports: A Whitworth University student is asking a federal judge to approve a class action against the school for damages stemming from a ransomware attack discovered in July 2022 that affected more than 65,500 people. The lawsuit, filed…
Category: Commentaries and Analyses
Barrow County notifies people of a breach that began more than a year ago
Barrow County in Georgia issued a breach notice about a breach of its email environment that occurred between March and August of 2022. Its notification, posted on its website, states, in part: The type of information at issue varied for each individual, but included a variation of the following: name; date of birth, Social Security…
HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000
HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident involved an unsecured server where protected health information of patients was exfiltrated. The iHealth incident had been discovered by Kromtech Security and was first reported by DataBreaches on May 9, 2017. On May 10,…
Sweetwater Union High School District now admits February outage was a hack, but still hasn’t answered questions
There’s an update to a report in February about an outage that wasn’t described at the time as a hack or ransomware attack. Laura Acevedo reports: The Sweetwater Union High School District has confirmed a hack was the cause of a days-long system outage at their facilities, saying the personal information of employees, students, and families…
UK: Prosecution of tracing agent for illegally obtaining personal information
An enforcement action and prosecution was announced by the U.K. Information Commissioner’s Office this week: A former tracing agent pleaded guilty and was fined for illegally obtaining personal information to check if customers of a high street bank could repay their debts. Michael Isaacs, 80, from Epsom, Surrey was the sole director of Datasearch Services…
Law enforcement seizes domains owned by “Pompompurin” and one currently owned by DataBreaches
When the owner of Breached.vc was arrested in March, people expected to see Conor Fitzpatrick’s BreachForums site seized by authorities. Somewhat surprisingly, it wasn’t, and Baphomet, the forum’s administrator, was able to post messages on the site explaining what was going on and that he was taking the site down for fear it had been…