As if yesterday’s news that three databases with 655,000 patients’ records were up for sale on TheRealDeal by “TheDarkOverlord” wasn’t disturbing enough, today they’ve listed a database with 9.3 million records from an unnamed U.S. health insurer. The listing sets a retail price of 750 BTC, which is almost $500,000.00, and the seller describes it this…
Category: Exposure
More details emerge on hacked patient databases up for sale
Yesterday, I reported that three unidentified patient databases had been put up for sale on the darknet on TheRealDeal market. I was subsequently able to have a chat with TheDarkOverlord (the hacker/seller) about the hacks and the refusal of the victims to pay the extortion demands. You can read more of what TheDarkOverlord shared with me…
Trying to get Maricopa County to respond to a privacy concern? Good luck with that!
As I’ve lamented (ok, bitched) many times: trying to notify an entity of a privacy or data security concern can be time-consuming and frustrating if the entity does not provide a clear means to notify them or doesn’t respond to your e-mails or calls. If you are thinking of trying to notify Maricopa County, Arizona…
UK: John Moores University employee data leaked to former employee
Martin Thomas reports that someone at John Moores University goofed and emailed information on current employees to a former employee. The information was that contained in P60 forms, which, from looking at a few samples online, appear to be similar to our W-2 statements in that they contain the employee’s name and address, the wages…
Anyone know what healthcare facilities these are? 655,000 patient records up for sale on dark net (UPDATED)
Seen up for sale on a forum (I’m redacting the ads and samples):
Healthcare Database (48,000 Patients) from Farmington, Missouri, United States
This product is a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext…
Verticalscope sounds serious about password security
I’ve previously posted info on the Verticalscope breach affecting 45 million. But I never posted their breach announcement. As I was just reviewing it, I noticed their response to the breach with respect to new password requirements. I thought it was a bit different, and should be mentioned here. From the What We Are Doing…