Happening now: A number of hospitals are filing breach notices this week that appear to be linked to a breach at Adelanto HealthCare Ventures (AHCV) in 2021. The hospitals are all owned by Universal Health Services LLC (UHS). So far, DataBreaches has found McAllen Hospitals, LP d/b/a South Texas Health System, Doctors Hospital of Laredo,…
Category: Of Note
NY: Students’ bank accounts compromised because of vendor ticketing software breach affecting colleges nationwide (UPDATED)
Prakriti Panwar reports: Almost a month after attending a concert at Cornell University featuring Beach Bunny — a popular alternative rock band — on Jan. 28, several Ithaca College students’ credit and debit card information was breached and varying amounts of money were stolen. On Feb. 24, Information Technology at Cornell University released a security alert informing students that…
Hackers compromise 3CX desktop app in a supply chain attack
Sergiu Gatlan reports: A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and…
ChatGPT Suffers First Data Breach, Exposes Personal Information
Dom Nicastro reports: OpenAI’s ChatGPT has suffered its first major personal data breach. The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window, according to a blog post by OpenAI Friday, March 24. “In the hours before we…
Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people
Jonathan Greig reports: Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt. The Pennsylvania-based company sent out breach notification letters last week after discovering the attack on February 4. In documents filed with Maine’s Attorney General, the company said 494,969 people had…
Norwegian data protection authority fines U.S. firm almost $240,000 for failure to notify within 72 hours
It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…