Catalin Cimpanu reports: A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums. Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team…
Category: Of Note
Report: 30 Percent of Healthcare Databases Exposed Online
Heather Landi reports: Hackers are using the Dark Web to buy and sell personally identifiable information (PII) stolen from healthcare organizations, and exposed databases are a vulnerable attack surface for healthcare organizations, according to a new cybersecurity research report. A research report from IntSights, “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,”…
Equifax Breach “Entirely Preventable”: House Oversight Committee
From the good folks at EPIC.org: In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was “entirely preventable.” The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than half of American consumers….
NJ Fines Health Insurance Provider $100K For Personal Information Breach
Kimberly Bosco reports: New York-based health insurance provider EmblemHealth, Inc. is paying the state of New Jersey a hefty fine for disclosing confidential personal information of over 6,000 New Jersey customers. Attorney General Gurbir S. Grewal and the Division of Consumer Affairs announced on Dec. 10 that EmblemHealth will pay NJ a $100,000 civil penalty….
New Zealand Privacy Commissioner releases annual report
Stuff reports on a case in New Zealand that was cited in a newly-released annual report by the Privacy Commissioner. Disturbingly, the unnamed government agency not only did not set a great example for data protection, but they demonstrated less than admirable response to the incident of insider-wrongdoing that harmed a member of the public….
North Korea-linked Hackers Target Academic Institutions
Ionut Arghire reports: A threat group possibly originating from North Korea has been targeting academic institutions since at least May of this year, NetScout’s security researchers reveal. The attackers use spear-phishing emails that link to a website where a lure document attempts to trick users into installing a malicious Google Chrome extension. Following initial compromise,…