Yesterday, DataBreaches.net reported on a misconfigured rsync backup that had been detected by Kromtech Security. The security firm had contacted DataBreaches.net for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required. One week later, we still do…
Category: Commentaries and Analyses
BEC attacks have hit thousands, top $5 billion in losses globally
It’s nice to see this site’s findings agree with government assessments of a problem. It’s also nice to see our efforts put to good use. Steve Ragan has a new piece on Salted Hash with an update on BEC attacks, including those targeting W-2 information. DataBreaches.net has already compiled more than 200 instances of W-2 BEC…
IC3 Warns of Increase in BEC/EAC Schemes
The Internet Crime Complaint Center (IC3) has issued an alert describing a growing number of scams targeting businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. These sophisticated scams are classified as business email compromise (BEC) or email account compromise (EAC) and use social engineering techniques to defraud businesses. Users and…
TheDarkOverlord dumps 180,000 patients’ records from 3 hacks
While thousands of their followers on Twitter seem to be eagerly waiting for TheDarkOverlord (TDO) to dump more tv films or episodes of popular series, TDO went non-fiction this morning, dumping patient/medical records from some of their hacks in the healthcare sector last year. All told, almost 180,000 patients had their personal information shared with the world. Two of…
UK: Fertility patient data breach fine would have been much higher under GDPR
John Bryan uses a recent monetary penalty by the Information Commissioner’s Office to contrast what might happen to fines under the GDPR. Fertility patients being treated at the Lister Hospital, part of the US-based HCA Healthcare group, discovered in April 2015 that transcripts of their confidential patient-doctor conversations were publicly available on the world wide web….
China arrests over 4,200 for personal information fraud in 2016
Xinhua reports: Chinese police caught over 4,200 suspects for theft of personal information in 2016, with over 1,800 cases solved, according to the Ministry of Public Security (MPS). The police also managed to track more than 30 billion stolen personal information items last year, while nearly 100 of the suspects were hackers. Read more on…