Happening now: A number of hospitals are filing breach notices this week that appear to be linked to a breach at Adelanto HealthCare Ventures (AHCV) in 2021. The hospitals are all owned by Universal Health Services LLC (UHS). So far, DataBreaches has found McAllen Hospitals, LP d/b/a South Texas Health System, Doctors Hospital of Laredo,…
Category: Subcontractor
NY: Students’ bank accounts compromised because of vendor ticketing software breach affecting colleges nationwide (UPDATED)
Prakriti Panwar reports: Almost a month after attending a concert at Cornell University featuring Beach Bunny — a popular alternative rock band — on Jan. 28, several Ithaca College students’ credit and debit card information was breached and varying amounts of money were stolen. On Feb. 24, Information Technology at Cornell University released a security alert informing students that…
Hackers compromise 3CX desktop app in a supply chain attack
Sergiu Gatlan reports: A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and…
Dutch railway NS warns 780,000 customers about data breach
NL Times reports: The Dutch national railway, NS, has warned about 780,000 customers that their personal data may be involved in a data breach.The train operator works closely with market research firm Blauw. External parties gained access to personal data at via a software supplier for that company. For example, e-mail addresses, telephone numbers or…
NYS Secures $200,000 from Law Firm for Failing to Protect New Yorkers’ Personal Data
NYS Attorney General Letitia James announced a settlement: New York Attorney General Letitia James secured $200,000 from the law firm, Heidell, Pittoni, Murphy & Bach LLP (HPMB) for failing to protect New Yorkers’ personal and healthcare data. HPMB’s poor data security measures made it vulnerable to a 2021 data breach that compromised the private information of approximately…
AU: Crown Resorts acknowledges getting ransom demand over GoAnywhere breach
Reuters reports: Australia’s biggest casino operator Crown Resorts said on Monday it was investigating a data breach at its third-party file transfer service, GoAnywhere, in which hackers obtained a limited number of Crown’s files. “We were recently contacted by a ransomware group who claimed they have illegally obtained a limited number of Crown files,” a…