Shaun Nichols and Gareth Corfield report: Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online. The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. Read…
Category: Subcontractor
An old HIPAA incident rears its very ugly head again
Like other journalists who cover data breaches in the healthcare space, I routinely check HHS’s public breach disclosure tool (sometimes called “The Wall of Shame”) to see what breaches have been reported to them and with what numbers. One of the recent entries was from a “Stephan C. Dean” who listed himself as a business…
Rogers notifies customers their personal information may have been compromised
Aisha Malik reports: Rogers has notified customers that their personal information may have been compromised in a data breach. “On February 26, 2020, Rogers became aware that one of our external service providers had inadvertently made information available online that provided access to a database managed by that service provider,” Rogers wrote on its support…
Northeast Radiology notifies patients of PACS data security incident
Note: Northeast Radiology issued a press release yesterday about a data security incident that their healthcare management services provider, Alliance HealthCare Services, notified them about. DataBreaches.net noted that Alliance notified Northeast Radiology on January 11, 2020 — the day after TechCrunch reported updated research on the problem with exposed PACS leaking protected health information. Although…
Card data from breached Volusion platform shows up on dark web
Payment card data stolen from an e-commerce platform last year has already netted criminals $1.6 million in card data sales on the dark web. And according to a new report out today, that’s just from the initial card data offering. Stas Alforov and Christopher Thomas of Gemini Advisory report that a Magecart attack on Volusion…
NZ: Tuia 250 privacy breach: Tech boss signed off on government website with no testing
Craig McCulloch of RNZ reports: A top tech boss at the Ministry of Culture and Heritage (MCH) reviewed the Tuia 250 website’s security and declared it “fit for purpose” just two months before a major breach was uncovered, new correspondence shows. […] Correspondence obtained by RNZ under the Official Information Act shows the website –…