Recaps of a few more breach reports I recently read: Diman Regional Vocational Technical High School in New Hampshire joined the ranks of those who have made email attachment errors that exposed employee information to other employees and staff. Information in the spreadsheet included information on current and former employees: names, gender, Social Security numbers, benefit…
Category: Hack
Experts: Hacking of Astros wasn’t advanced, but team’s computer defenses weren’t either
Evan Drellich reports: Both the offender and victim in professional sports’ first hacking scandal might share one trait: a lack of sophistication. Whoever made their way to private Astros information did not appear to do so with an advanced method of entry or cover-up beyond the capacity of any professional programmer. […] At the same…
Lawyers and ethical hackers weigh in on Astros hack
Robert Patrick interviews a number of attorneys and white-hat hackers about whether the government is likely to pursue charges under the Computer Fraud and Abuse Act in this piece in the St. Louis Post-Dispatch.
Unauthorized access gained to Heartland Dental databases
Adam Greenberg reports: Illinois-based Heartland Dental is notifying an undisclosed number of individuals that unauthorized access was gained to a limited portion of its IT systems, and that personal data may have been compromised. How many victims? Undisclosed. What type of personal information? Names, addresses, phone numbers, Social Security numbers, email addresses, certain information related to income and…
Seek and ye shall find: CareFirst notifies brokers and members of 2014 breach
Sometimes doing the right thing can be costly. In the wake of increasing attacks on health insurers (e.g., Anthem, Premera), CareFirst BlueCross BlueShield retained Mandiant to do an end-to-end assessment of their information security environment. The assessment included multiple scans to determine if there was any evidence of any attack. On April 21, 2015, Mandiant uncovered evidence…
Green Tree Services notifies mortgage applicants of 2013 breach that was discovered 10 months ago
Green Tree Services is mailing breach notification letters that begin: I am writing to explain a recent security incident that may involve your personal information. Green Tree Servicing LLC (“Green Tree”) has learned that personal information relating to some customers may have been accessible in a security incident involving potential unauthorized access to certain computer…