As this site has done in 2016 and 2017, DataBreaches.net will maintain a list of entities that disclose that they have become victims of a W-2 phishing or business email compromise (BEC) attack. For 2016, we compiled 175 incidents (although some of them didn’t become public knowledge until 2017), and for 2017, we had 204 incidents…
Category: Phishing
Monticello Central School District notifying almost 2,600 of phishing attack last year
When I saw that Monticello Central School District in New York had submitted a breach notification to the Vermont Attorney General’s Office and it mentioned phishing, I thought we might have our very first W-2 phishing incident of 2018. But no, it seems that the school district is reporting a phishing incident that they believe…
Lebanese Government Hackers Hit Thousands of Victims With Incredibly Simple Campaign
Lorenzo Francesco-Bicchierai reports: Hackers allegedly working for the government of Lebanon stole hundreds of gigabytes from thousands of victims all over the world, and they did it using phishing, relatively simple custom-made malware with no fancy zero-day exploits, and using recycled infrastructure, according to a new report. Security researchers from digital rights organization Electronic Frontier…
NC: Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails
This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Onco360 and CareMed Specialty Pharmacy Patients Notified of Data Security Incident
Update: This was reported to HHS/OCR as impacting 53,173 patients. Original post: There were a few press releases about breaches that appeared after 3 pm on the Friday of a three-day holiday weekend. This was one of them: A recent data security incident affected patients receiving services from Onco360 and CareMed Specialty Pharmacy. On November…
Florida officials: Hack exposed 30K Medicaid patients’ files
Jesse Byrne reports: Hackers might have accessed the medical records and other personal information of tens of thousands of Medicaid recipients in November, Florida official announced late Friday. Florida’s Agency for Health Care Administration (AHCA) said in a press release reported by The Associated Press that one of its employees was the “victim of a malicious phishing…