HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general,…
Category: Phishing
Nigerian Man Sentenced to Three Years in Prison for Computer Hacking Scheme that Targeted Government Employees
Almost one year after a Nigerian national was extradited from Canada and charged with defrauding vendors of office products by “phishing” e-mail login information from government employees, Olumide Ogunremi, a/k/a “Tony Williams,” was sentenced in federal court in Newark. The sentence was announced by the U.S. Attorney’s Office for the District of New Jersey. Ogunremi…
Texas Teams Up with FireEye to Tackle Ransomware
This may help some Texas school districts and other public agencies in Texas. I usually don’t post press releases that promote commercial services, but am making an exception because I like the idea that a state is trying to provide more proactive and defensive support to school districts as well as other state agencies: FireEye,…
SANS infosec training org suffers data breach after phishing attack
Lawrence Abrams reports: The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. […] In a notification posted to their site today, SANS states that one of their employees fell for a phishing attack that allowed a threat actor to gain access to their…
University of Utah notifying patients after phishing attack
Did University of Utah Health really have three phishing incidents this year? Maybe not. I was confused when I saw a new listing on HHS’s public breach tool this week. The incident, reported to HHS on July 20, reportedly affected 10,000 patients and involved PHI located in email. As such, it seemed to match an…
Russian BEC Gang Targets Hundreds of Multinational Companies
Akshaya Asokan reports: A newly uncovered Russia-based business email compromise gang has been targeting hundreds of large, multinational corporations in over 40 countries since 2019, according to the security firm Agari. The gang, which Agari calls Cosmic Lynx, uses a combination of social engineering techniques and well-crafted email messages designed to target the upper echelon of…