Oded Yaron reports: A group of hackers purportedly linked to Iran said on Monday that they had succeeded in hacking into the system used to transfer money between Israeli banks and through it entered into people’s personal accounts. However, Israel’s National Cyber Directorate and the Bank of Israel, which operates the network, said they found…
Category: Hack
New York dental insurer reports phishing incident, French hospital group hit in ransomware incident
Healthplex, Inc. in New York provides dental insurance plans. On November 24, 2021, an employee reportedly fell for a phishing attempt. As a result, the insurer notified 76,262 of their insured members whose personal information may have been impacted. They do not make clear whether their investigation confirmed access and exfiltration or just access, so…
NH: Center for Life Management breach impacted mental health clients
From their notice: The Mental Health Center of Greater Manchester (“MHCGM”) is providing notice of a recent data security event that occurred at a third-party community partner MHCGM had used for data storage, Center for Life Management (“CLM”), that may impact the privacy of certain information relating to MHCGM patients or those who were assessed…
Illuminate Education breach that affected NYC schools spreads to other districts
Benjamin Freed reports: A school district in Coventry, Connecticut, notified families of its students this week that students’ data may have been swept up in a breach of one of its vendors earlier this year. The breach-notification letter, dated Tuesday, stated that data belonging to the roughly 1,700 students enrolled in Coventry Public Schools may have…
Scott County, Iowa discloses data security incident
Seen on the county’s website, dated April 22, 2022: Notice of Data Privacy Event Scott County, Iowa (“Scott County”) is providing notice of a data privacy event. To date, we have no evidence of actual or attempted misuse of information as a result of this incident. In an abundance of caution, we are notifying potentially…
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
Sergiu Gatlan reports: GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including…