Leo Shane III reports: The Defense Department will revamp its Servicemembers Civil Relief Act databases following charges the online information sites exposed millions of troops’ and veterans’ personal information to identity thieves and scammers, officials announced Thursday. Leaders from Vietnam Veterans of America, which filed a lawsuit against the department to force the changes, called…
Category: Subcontractor
Saint Mary’s email addresses appear in credential dump following Chegg data breach
Maeve Filbin reports: In April 2018, the widely-used tutoring service and textbook provider Chegg experienced a data breach, after an unauthorized source accessed one of the company’s databases. The breach was discovered in Sept. 2018. On Sept. 26, chief information officer Todd Norris announced in a campus-wide email that the Saint Mary’s College Information Technology…
Mobile County Public Schools impacted by ransomware attack on vendor, back online now
You may have been a bit confused by the rapidly changing status involving Mobile County Public Schools in Alabama, who were impacted by a ransomware attack. Their site was down for about 24 hours, but is back up. The ransomware attack was against their vendor, SchoolinSITES.
Presbyterian Health business associates disclose breach
Magellan Healthcare and National Imaging Services recently notified OCR of a HIPAA breach impacting 55,637 and 589 patients, respectively. The notification was made to OCR on September 17. A press release issued by Magellan Health, Inc. for its subsidiaries, obtained by DataBreaches.net, reported that an anonymous, unauthorized third party accessed the email accounts of two…
Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
Symantec reports: A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec…
Secret Service Investigates Breach at U.S. Govt IT Contractor
Brian Krebs reports: The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections…