Two potential class action lawsuits involving data breaches have reportedly settled. One awaits final approval in October, but the other settlement is already final. University of Pittsburgh Medical Center data breach $450K class action settlement During April to June 2020, Charles J. Hilton PC (CJH), a firm hired by UPMC for billing services, allegedly suffered…
Category: Subcontractor
Leaking Student Data From US Campus App Found — But is It Real?
Another day, another leak. Another leak, another entity claiming it’s not real data. Another leak, another frustrating experience trying to responsibly disclose. According to Safety Detectives, they found exposed data related to an app called Transact Campus: Transact Campus’ technology integrates several payment functions into a single mobile platform to power student purchases at higher…
AU: NDIS case management system provider breached
Justin Hendry reports: A security breach of a cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers has exposed a “large volume” of health and other sensitive data. CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorised third-party had gained access to…
Illuminate Education Breach Included Los Angeles Unified & Riverside County Districts, Pushing Total Impacted to Over 3M
Update of June 15: For updates on this incident, your best resource is Kristal Kuykendall and THE Journal . Hats off to Kristal Kuykendall and THE Journal for tracking the Illuminate Education breach. Kykendall reports: The breach of student data that occurred during a January 2022 cyberattack targeting Illuminate Education’s systems is now known to have…
Battelle for Kids ransomware attack compromised records of 560,000 Chicago Public School students, employee
Nader Issa and Lauren FitzPatrick report: A massive data breach has exposed four years’ worth of records of almost 500,000 Chicago Public Schools students and nearly 60,000 employees, district officials told principals Friday. The attack targeted a company that has a no-bid contract with the district for teacher evaluations and involved basic student and staff…
2022 DSIR Deeper Dive: Vendor Incidents
Stefanie Ferrari of BakerHostetler writes: Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems….