Zack Whittaker and Carly Page report: Software maker Fortra told its corporate customers that their data was safe — even when it wasn’t — following a ransomware attack on its systems, TechCrunch has learned. … TechCrunch has heard from two victim organizations that only learned that data had been exfiltrated from their GoAnywhere systems after…
Category: Subcontractor
Rio Tinto data vendor GoAnywhere’s possible breach spotted in Jan-end
CNA reports: U.S. cybersecurity firm Fortra said suspicious activity was identified within its GoAnywhere software nearly two months ago, a day after Rio Tinto in a staff memo said personal data of some of its Australian employees may have been stolen. The internal memo seen by Reuters on Thursday revealed payroll information, like payslips and…
Pension Protection Fund confirms employee data exposed in GoAnywhere breach
Ross Kelly reports: The Pension Protection Fund (PPF) has confirmed that data belonging to current and former employees has been exposed in the wake of the GoAnywhere breach. In a statement to IT Pro, the fund, which manages pension assets for nearly 300,000 clients, said it has informed affected staff and is providing support and…
Warning to Seniors: Personal Data of 254K Medicare Beneficiaries at Risk After Breach
Casey Harper reports that Congress finally got around to questioning CMS about a ransomware attack on Healthcare Management Solutions, a CMS subcontractor. The attack involved Medicare and Medicaid numbers. Hundreds of thousands of Americans’ personal information is at risk after Medicare’s data was breached. Now, lawmakers want answers. House Committee on Oversight and Accountability Chairman…
NYC Special Needs Students’ Records Found Exposed on Web
Marianne Kolbasuk McGee reports: Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet. Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February and…
What is the cost of not purging data or moving it offline, Sunday edition
Maybe one day, a law or regulation will require entities to purge old data that is no longer needed or requires it to be disconnected from the internet. If anyone needs a fresh example of why we need that type of law or regulation, here it is: Richard T. Miller, DMD, PC, d/b/a Great Neck/Mid…