Bill Toulas reports: The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims’ bank accounts. Read more at…
Category: Phishing
UK: ‘Human error’ let criminals hack SEPA’s systems with £42m unaccounted for
David Bol reports: Scotland’s auditor general has revealed that a huge cyber attack on the Scottish Environmental Protection Agency (Sepa) was carried out after “human error” allowed criminals to access systems. Sepa suffered a huge ransomware attack on Christmas Eve in 2020 which led to around 1.2GB of data, amounting to at least 4,000 files,…
WA: Patient info possibly disclosed in Spokane Health District data breach
Erin Robinson reports: The personal health information of more than 1,000 people may have been disclosed when staff at Spokane Regional Health District opened a phishing email. The data breach happened on December 21, 2021. SRHD Information Technology staff were immediately alerted and discovered files containing client-protected health information may have been “previewed” by the…
Sacramento County: Hundreds of personal records exposed in data breach
Jose Fabian provides details on a Sacramento County phishing incident reported to HHS last month: Hundreds of records containing personal information of Sacramento County residents were exposed in a phishing attack last year, the county said. Sacramento County said 2,096 protected health information and 816 personal identifiable records were exposed during a cyber attack on June…
WordPress plugin flaw puts users of 20,000 sites at phishing risk
Bill Toulas reports: The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. ‘WP HTML Mail’ is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send…
Two covered entities who discovered breaches last summer first notifying patients
Two breaches that were first reported to HHS in November have now been more fully disclosed. Both of the following breaches were first reported to HHS in November as impacting 500 or 501 patients — entries that this site usually suspects are just “markers” for “we have no idea yet how many were impacted.” Anne…