Catalin Cimpanu reports: A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. Also known as MitM (Man-in-the-Middle) phishing toolkits, these tools have become extremely popular in the cybercrime underworld in recent years after major…
Category: Phishing
Evanston Township High School Defrauded Of $48,570 In Hack That Exposed 1,139 Identities
I’m backfilling a breach report from November as I just saw it now and it seems that others tracking k-12 data breaches may not have been aware of it, either. Jonah Meadows had reported that Evanston Township High School officials in Illinois were scammed out of more than $48,000 during a monthslong data breach that…
WV: Monongalia Health System notifies patients and employees of data breach
Some reportable HIPAA breaches occur in the context of bad actors trying to re-route wire payments. Monongalia Health System in West Virginia seems to have suffered that type of breach. The incident impacted the email system of Monongalia Health System and its affiliated hospitals, Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company….
Oops, did we miss these education sector breaches for k-12?
Came across these today while researching something else, so I thought I would just list them here for those who track k-12 breaches. Coffeyville School District in Kansas had a data security incident in July of 2020 that they detected in August of 2020. Their notification letter of February 2021 indicates that names and SSN…
Facebook takes down accounts for seven “cyber-mercenary” firms
Catalin Cimpanu reports: Meta (formerly Facebook) said today that it suspended accounts on its Facebook and Instagram platforms operated by seven companies that provide surveillance and cyber-mercenary services. Meta said these companies targeted users with links to phishing sites and malware in order to collect login credentials and infect them with malware. Read more at…
NJ: Cancer Care Providers Will Adopt New Security Measures and Pay $425,000 to Settle Investigation into Two Data Breaches
CONSENT ORDER NEWARK – Acting Attorney General Andrew J. Bruck today announced that the Division of Consumer Affairs has reached a settlement with three New Jersey-based providers of cancer care that the State alleges failed to adequately safeguard patient data, exposing the personal and protected health information of 105,200 consumers, including 80,333 New Jersey residents. Under…