From HHS, an update on the Medical Informatics Engineering breach of 2015 that resulted in a multi-state lawsuit (the first of its kind) in December, 2018: Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective…
Category: Hack
Update: Georgia Tech to offer credit monitoring after data breach affecting 1.3M
Aaron Diamant reports: ATLANTA – Georgia Tech is taking steps to help people whose personal information may have been compromised during a data breach. Channel 2’s Aaron Diamant has been following this story since it broke in April, when the college said someone gained unauthorized access to a web application, affecting nearly 1.3 million people, including “some current…
Equifax just became the first company to have its outlook downgraded for a cyber attack
Kate Fazzini reports: Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade. Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data. “We are treating…
UK: Cyber attack on Sunderland City Council database: Investigation after personal data accessed by hackers
Ross Robertson reports: Hackers have accessed users’ personal details in a cyber attack on Sunderland City Council’s library database. Council chiefs are warning users to be vigilant after a number of customers’ details were accessed during a cyber incident involving the library services customer database. This resulted in the unauthorised access to the details of…
MuddyWater Hacking Group Upgrades Arsenal to Avoid Detection
Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a…
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…