Zack Whittaker and Natasha Mascarenhas report: Healthcare unicorn Ro is notifying employees of a data exposure involving their personal information after a security contractor “inadvertently” uploaded a spreadsheet of employee data to the internet. In a data breach notice obtained by TechCrunch from an affected employee who received the notice this week, Ro said it…
Category: Subcontractor
Some Tufts community members’ health insurance information compromised in vaccine clinic data breach
Emily Thompson reports: Tufts announced in a Thursday evening email to the community that its vaccine clinic provider, Pelmeds, has experienced a data breach involving images of patients’ insurance cards. The number of Tufts community members affected by the breach is still unknown. Tufts has ended its contract with the company and postponed all previously…
Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates
The Canadian Press reports: The federal privacy watchdog says a data breach at a contractor for Canada’s border agency involved as many as 1.38 million licence plate images and associated information. In a report detailing its investigation, the privacy commissioner’s office cites inconsistencies in the way the Canada Border Services Agency managed licence plate information…
Wolfe Clinic notifies patients of Eye Care Leaders breach
I tweeted this yesterday, but probably should note it here too: When I saw Wolfe Clinic had reported a breach to HHS impacting 542,776 patients, I thought they had just updated their 500k figure from the ransomware attack by Lorenz last year. But it turned out that this was a new, and unrelated report due…
Scoop: VSS Medical Technology’s Terrible, Horrible, No Good, Very Bad Day
DataBreaches suspects that most readers would agree that getting hit by a ransomware gang qualifies your day as a very bad day. But how about getting hit by two different ransomware gangs on the same day? VSS Medical Technology and one of their companies, Sigmund Software, had what sounds like a terrible, horrible, no good,…
Uber links breach to Lapsus$ group, blames contractor for hack
Sergiu Gatlan reports: Uber believes the hacker behind last week’s breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication (2FA)…