Justin Hendry reports: A security breach of a cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers has exposed a “large volume” of health and other sensitive data. CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorised third-party had gained access to…
Category: Subcontractor
Illuminate Education Breach Included Los Angeles Unified & Riverside County Districts, Pushing Total Impacted to Over 3M
Update of June 15: For updates on this incident, your best resource is Kristal Kuykendall and THE Journal . Hats off to Kristal Kuykendall and THE Journal for tracking the Illuminate Education breach. Kykendall reports: The breach of student data that occurred during a January 2022 cyberattack targeting Illuminate Education’s systems is now known to have…
Battelle for Kids ransomware attack compromised records of 560,000 Chicago Public School students, employee
Nader Issa and Lauren FitzPatrick report: A massive data breach has exposed four years’ worth of records of almost 500,000 Chicago Public Schools students and nearly 60,000 employees, district officials told principals Friday. The attack targeted a company that has a no-bid contract with the district for teacher evaluations and involved basic student and staff…
2022 DSIR Deeper Dive: Vendor Incidents
Stefanie Ferrari of BakerHostetler writes: Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems….
Cyberattack at Opus Interactive knocks Ruby Receptionists offline, disrupting service for thousands
Mike Rogoway reports: Ruby Receptionists, the Portland company that serves as a phone receptionist for thousands of small businesses, has suffered a major outage that knocked it offline all week. One of Ruby’s online vendors was hit by a cyberattack that left the company unable to accept any incoming calls or online messages, CEO Kate…
Omnicell reveals ransomware incident in SEC filing
From their May 9 10-Q filing: Our IT systems and third-party cloud services are potentially vulnerable to cyber-attacks, including ransomware, or other data security incidents, by employees or others, which may expose sensitive data to unauthorized persons. On May 4, 2022, we determined that certain of our information technology systems were affected by ransomware impacting…