And this, kids, is what happens when an entity keeps ignoring vulnerability reports from researchers or infosec folks. In this case, an IT consultant, “N.T.R.,” hacked civilsupplieskerala.gov: “I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me….
Category: Government Sector
UK: Ealing Council loses ‘sensitive’ personal data after social worker leaves court documents on roof of car and drives off
David Rivers reports: The personal information of almost 30 people was lost after an Ealing Council social worker left court documents on the roof of her car and drove off. Personal data relating to 27 people including 14 children, some of it sensitive, was lost following the blunder in February and have never been recovered. Read more…
Ca: 197 patient health records ‘inappropriately accessed’ by provincial employee — for birthday cards
Bryce Hoye reports: A former government employee wasn’t up to anything nefarious when she peeked at the private health records and home addresses of Manitoba patients — she just wanted to know where to send her love and birthday wishes. A spokesperson with Manitoba Health said an internal investigation is underway after 197 patient health records were “inappropriately accessed”…
AU: Human Services admits privacy breach.
Paris Cowan reports: The Department of Human Services has admitted it uploaded sensitive Medicare claims records to the wrong recipient’s electronic health records 86 times in the 12 months to 30 June 2016. DHS, which is responsible for the operation of the Medicare medical rebate scheme, is obliged under law to report any data breaches…
MI: Lansing Board of Water & Light paid $25,000 ransom after cyberattack in April
There’s an update to a ransomware attack on Lansing Board of Water & Light that had been reported back in May. The Lansing State Journal reported this week: The Lansing Board of Water & Light paid a $25,000 ransom to unlock its internal communications systems after they were disabled by a cyberattack last spring, officials…
Washington State Government Breached, Administrator Accounts Dumped Online
Lee Johnstone reports: Earlier today a hacker using the handle @CyberZeist announced a breach on the Washington state government website. Today’s breach was announced on twitter and posted to pastebin [link removed by DataBreaches.net], and it contained 59 administrator accounts with user email addresses, encrypted passwords and salts. Read more on CyberWarNews.info.