Sergiu Gatlan reports: Uber believes the hacker behind last week’s breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication (2FA)…
Category: Subcontractor
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
To follow up on two previously reported breaches involving protected health information, here are two class action settlements that involve business associates: CSI Financial Services aka ClearBalance In July 2021, DataBreaches reported a breach at CSI Financial Services, aka ClearBalance, a firm that services loans made by hospitals and providers to patients who need to…
Aeries Software settles claims over 2019 data breach
There’s an update to a 2019 data breach involving Aeries Software that impacted more than 150 school districts. Top Class Actions reports that Aeries has agreed to pay $1.75 million to resolve claims that the breach compromised personal information of San Dieguito Union High School students. The case is Gupta, et al. v. Aeries Software…
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses
IC3.gov PIN 20220914-001 14 September 2022 TLP: WHITE Summary The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare…
Kansas school district pulls messaging app after data breach
KWCH reports: Andover Public Schools said it has pulled the popular messaging app, Seesaw after the app was hacked. According to the Seesaw website, the app is used by 10 million teachers, students and family members, but the company declined to say how many users were affected by the hack. In a letter to parents,…
Breach of software maker used to backdoor ecommerce servers
Dan Goodin reports: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig’s systems…