Yoav Gonen reports: The city Department of Finance inadvertently emailed a roster of all of its staff — containing home addresses, cell numbers and personal email addresses — to the agency’s roughly 1,800 employees in a botched test of its emergency notification system, THE CITY has learned. The snafu was accompanied by automated calls to…
Category: Government Sector
UK: Press notice regarding data breach at Norfolk and Suffolk police
Norfolk and Suffolk constabularies have identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022. A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the…
Colorado Department of Health Care Policy & Financing reports more than 4 million affected by MOVEit breach
As I tooted earlier this morning on Infosec.Exchange: One of the MOVEit victims was the Colorado Department of Health Care Policy & Financing, which was notified by IBM of the data breach. According to their notification, the information types included full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home…
NYS Comptroller Audit: Cyber Incident Response Team (Follow-Up)
Issued Date: July 20, 2023 Agency/Authority: Homeland Security and Emergency Services, Division of Objective To assess the extent of implementation of the two recommendations included in our initial audit report, Cyber Incident Response Team (Report 2020-S-58). About the Program Cybercrimes continue to rise. According to the Federal Bureau of Investigation (FBI), complaints of phishing and similar cyberattacks often…
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
Kevin Beaumont writes: You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented. The Electoral Commission ran Microsoft Exchange Server on IP…
Cumbria Police admits huge data breach as names and salaries of staff published online
Jon Macpherson reports: Another police force has admitted a data breach after the names and salaries of all its staff were accidentally published online. Cumbria Police said that on March 6 it found out information about pay and allowances had been uploaded on its website following a “human error”. The force’s admission comes after an…