Alyssa Roberts reports: The Diocese of Las Vegas on Friday announced a cybersecurity breach that potentially compromised “sensitive information of its volunteers, parishioners, donors and other stakeholders,” a news release states. A spokesperson noted there was “no indication that personal information has been misused,” but said the Diocese would notify those who may have been…
Category: U.S.
United HealthCare reports a data breach that may have revealed the customer’s personal information
The CBS reports: United HealthCare made customers aware of a data breach on Friday, which temporarily allowed access to personal information for those enrolled in the company’s healthcare plans. According to a statement, “suspicious activity” was noticed on the UHC mobile application “that may have led to the disclosure of member information.” The company says…
Many Public Salesforce Sites are Leaking Private Data
Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…
Emmanuel College working to recover from attack that claims faculty and student data stolen
Emmanuel College in Boston appears to have become a victim of Avos Locker. The college was added to the threat actor’s leak site yesterday, with a note saying, “Oh no! 140GB student and staff confidential data exfiltrated. If you value protecting students, pay us instead of shutting down domains.” Although there is no notice on…
BakerHostetler’s 9th annual Data Security Incident Response Report
BakerHostetler’s annual report is out, and as always, it is a great read because it provides statistics and analysis of the more than 1,100 data breach incidents the law firm handled in 2022. Ted Kobus provides a bit of the history of the firm’s Digital Assets and Management Group. Here’s just one graphic from the…
Jack Teixeira’s February 2022 Logs. Why wasn’t the insider threat prevented or detected?
Over on EmptyWheel, natsec journalist and blogger Marcy Wheeler writes, “In a motion to keep Jack Teixiera jailed, the government provided more details about what an unstable nut they gave access to the US’ most sensitive secrets.” Read Marcy’s post. Reading the logs from the perspective of someone who has blogged about insider threats and data…