On February 16, the NYS Department of Financial Services issued a cybersecurity fraud alert involving public-facing web sites where consumers could request “instant quotes” for car insurance or other products. The alert warned insurers that private information used to prefill requests was being stolen and misused for pandemic unemployment benefits fraud. At the time, they…
Category: Hack
Health Plan of San Joaquin notifying more than 420,000 of email hack last year
On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020. Yesterday, HPSJ sent out notifications and notified the…
NY: Filters Fast Settles Charges Stemming from Failure to Patch Critical Vulnerability Exploited in 2019 Data Breach
In 2019, Filters Fast experienced a data breach when a threat actor exploited a plugin vulnerability in vBulletin. Using SQL injection, the attacker was able to obtain consumers’ cardholder names, billing addresses, expiration dates, validation codes, and primary account numbers for purchases made between June, 2019 and July, 2020. Filters Fast did not detect any…
Student health insurance carrier Guard.me suffers a data breach
Lawrence Abrams reports: Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders’ personal information. guard.me is one of the world’s largest insurance carriers specializing in providing health insurance to students while traveling or studying abroad in another country. Read more on BleepingComputer.
Crypto exchanges BtcTurk and Pi Network linked to security incidents
CoinTelegraph reports: Major Turkish crypto exchange BtcTurk came forward about a data breach from mid-2018 that leaked sensitive information of over 500,000 users. According to the official announcement, the stolen data set contains BtcTurk users’ names, citizen ID numbers, emails, addresses, birthdates and mobile phone numbers. The stolen data set first appeared on an online…
Ca: After daycare site data theft, Quebec National Library shutting briefly for security upgrade
Selena Ross reports: Quebec’s Bibliotheque Nationale is shutting down, and going partly offline, until next Tuesday because it uses the same technology company that served the daycare booking website that had its data stolen earlier this week. “Following the attack on the government site La Place 0-5 earlier this week, the Government Cyber Defense Center…