Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…
Category: U.S.
Emmanuel College working to recover from attack that claims faculty and student data stolen
Emmanuel College in Boston appears to have become a victim of Avos Locker. The college was added to the threat actor’s leak site yesterday, with a note saying, “Oh no! 140GB student and staff confidential data exfiltrated. If you value protecting students, pay us instead of shutting down domains.” Although there is no notice on…
BakerHostetler’s 9th annual Data Security Incident Response Report
BakerHostetler’s annual report is out, and as always, it is a great read because it provides statistics and analysis of the more than 1,100 data breach incidents the law firm handled in 2022. Ted Kobus provides a bit of the history of the firm’s Digital Assets and Management Group. Here’s just one graphic from the…
Jack Teixeira’s February 2022 Logs. Why wasn’t the insider threat prevented or detected?
Over on EmptyWheel, natsec journalist and blogger Marcy Wheeler writes, “In a motion to keep Jack Teixeira jailed, the government provided more details about what an unstable nut they gave access to the US’ most sensitive secrets.” Read Marcy’s post. Reading the logs from the perspective of someone who has blogged about insider threats and data…
Two ransomware groups list Albany ENT & Allergy Services on their leak sites
On April 23, the BianLian ransomware group listed: A***** *** * ******* S******* BianLian often uses the asterisk system before they actually name the victim and leak data. Today, though, DataBreaches also saw the following on the RansomHouse leak site: Albany ENT & Allergy Services They’re both listing the same entity (even the listed revenues…
MI: McLaren Greater Lansing Hospital accused of leaving patient medical records in decommissioned hospital
Ta’Niyah Jordan reports: Patient medical records are meant to be private. But one of Lansing’s largest hospitals is being accused of leaving behind boxes of confidential patient files in a decommissioned hospital. […] A whistleblower who attended the April 19th preview at the Pennsylvania campus says he found several boxes containing patient files. In images…