As I tooted earlier this morning on Infosec.Exchange: One of the MOVEit victims was the Colorado Department of Health Care Policy & Financing, which was notified by IBM of the data breach. According to their notification, the information types included full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home…
Category: Government Sector
NYS Comptroller Audit: Cyber Incident Response Team (Follow-Up)
Issued Date: July 20, 2023 Agency/Authority: Homeland Security and Emergency Services, Division of Objective To assess the extent of implementation of the two recommendations included in our initial audit report, Cyber Incident Response Team (Report 2020-S-58). About the Program Cybercrimes continue to rise. According to the Federal Bureau of Investigation (FBI), complaints of phishing and similar cyberattacks often…
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
Kevin Beaumont writes: You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented. The Electoral Commission ran Microsoft Exchange Server on IP…
Cumbria Police admits huge data breach as names and salaries of staff published online
Jon Macpherson reports: Another police force has admitted a data breach after the names and salaries of all its staff were accidentally published online. Cumbria Police said that on March 6 it found out information about pay and allowances had been uploaded on its website following a “human error”. The force’s admission comes after an…
CT: New Haven Board of Education victim of $6 million cyber theft
Doug Stewart reports: The city of New Haven suffered a $6 million theft in a cyber attack earlier this year it was announced Thursday. To date, law enforcement officials have recovered over half the money. Officials said the cyber attack targeted the Board of Education’s Chief Executive Officer and Chief Operating Officer in what was described…
Russia ‘prime suspect’ in cyber attack which saw names and addresses of 40M UK voters exposed – reports
Imogen Howse reports: Russia is suspected to have been behind a cyber attack which exposed the data of tens of millions of voters in the UK, raising fears it was an attempt to undermine democracy. The Electoral Commission admitted on Tuesday (8 August) that hackers had been able to access reference copies of electoral registers from between the years…