Someone asked me today about the lack of W-2 phishing reports or W-2 incidents that we’ve seen so far this year. I responded that I hadn’t really had time to research W-2 attacks yet, but a reader, “DLOW,” has now kindly submitted a news story by Mary Richards of KSL in Utah. The kinds of…
Category: Subcontractor
NE: CHI Health officials say virus introduced to health system’s network by third-party vendor’s infected device
So let’s be honest: how often do you monitor your third-party vendors or business associates to ensure that the devices they may connect to your network are free from malware? Julie Anderson reports: CHI Health has caught a virus, but it’s not the kind the health system is used to battling. Dr. Cliff Robertson, CHI…
Stolen Credit Card Data from City Parking Systems Sold on the Dark Web
Bruno reports: The hackers of the city parking fine system in Saint John, Canada have been selling sensitive data on the dark web for over a year. The security breach in the system was not spotted for 15 months after the initial attack, which ultimately allowed the hackers to gain personal information and credit card…
Aetna settles with California in HIV-related privacy breach
AP reports: Aetna will pay $935,000 after one of its vendors sent letters to California patients that revealed via a window on the envelopes that the recipients were taking HIV-related medications, officials said Wednesday. The settlement resolves allegations that Aetna violated state health privacy laws, California Attorney General Xavier Becerra said. Nearly 2,000 Californians —…
Over 140 International Airlines Affected by Major Security Breach
Sergiu Gatlan reports: Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system found by Safety Detective’s Noam Rotem. Currently, the Amadeus ticket booking system is being used by 141 international airlines which gives…
VA: Notice of Click2Gov-related Data Breach of Hanover County Online Payment System
From the county’s notice, which you can find in its entirety here: Hanover County was recently notified about potential unauthorized charges on credit cards used by customers to pay their utility bills via the website between August 1, 2018 and January 9, 2019. The County takes the security and protection of its customers’ confidential information…