Martin Bilbao reports: The city of Tenino fell victim to a fraudulent scheme that cost it $280,309 in public funds, according to the Washington State Auditor’s Office. Former Clerk Treasurer John Millard initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts from March 19 to May 4, 2020, per…
Category: Phishing
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
Catalin Cimpanu reports: A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. Also known as MitM (Man-in-the-Middle) phishing toolkits, these tools have become extremely popular in the cybercrime underworld in recent years after major…
Evanston Township High School Defrauded Of $48,570 In Hack That Exposed 1,139 Identities
I’m backfilling a breach report from November as I just saw it now and it seems that others tracking k-12 data breaches may not have been aware of it, either. Jonah Meadows had reported that Evanston Township High School officials in Illinois were scammed out of more than $48,000 during a monthslong data breach that…
WV: Monongalia Health System notifies patients and employees of data breach
Some reportable HIPAA breaches occur in the context of bad actors trying to re-route wire payments. Monongalia Health System in West Virginia seems to have suffered that type of breach. The incident impacted the email system of Monongalia Health System and its affiliated hospitals, Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company….
Oops, did we miss these education sector breaches for k-12?
Came across these today while researching something else, so I thought I would just list them here for those who track k-12 breaches. Coffeyville School District in Kansas had a data security incident in July of 2020 that they detected in August of 2020. Their notification letter of February 2021 indicates that names and SSN…
Facebook takes down accounts for seven “cyber-mercenary” firms
Catalin Cimpanu reports: Meta (formerly Facebook) said today that it suspended accounts on its Facebook and Instagram platforms operated by seven companies that provide surveillance and cyber-mercenary services. Meta said these companies targeted users with links to phishing sites and malware in order to collect login credentials and infect them with malware. Read more at…