Melissa D. Berry reports: Stealing Medicare beneficiary identification numbers has become the latest goal for cybercriminals who see this data as even more valuable than stolen credit cards. A South Florida man pled guilty in federal court in late-January to “conspiring to buy and sell more than 2.6 million Medicare beneficiary identification numbers” and other…
Category: U.S.
City of Modesto to notify people whose people information was accessed in last month’s ransomware attack
The Modesto Police Department is now acknowledging that a ransomware incident in early February might have exposed some people to the risk of identity theft. KCRA reports: On Thursday, the city said that it has been responding to a ransomware attack since last month and that a “limited amount” of the personal information of some…
Hacker stole bank account, Social Security numbers, and health plan info of Colorado school district employees
Updated March 15: This incident was reported to HHS on March 3 as affecting 35,068 health plan members, so it likely included former employees as well as current ones. DPS’s notice can be found on their website. Nate Lynn reports: Personal information belonging to some 15,000 Denver Public Schools (DPS) employees was stolen in what…
Another ransomware-related lawsuit settles: Preferred Home Care
Top Class Actions reports there is a settlement involving Preferred Home Care in New York. The lawsuit alleged the provider failed to protect employee and patient data from an attack in January 2021. The data breach allegedly compromised the information of 92,283 patients and employees, including sensitive health information and personal identifiers such as Social…
Oakland continues to work on recovery from ransomware attack; Play claims responsibility
As the City of Oakland continues to work to recover from a ransomware attack that began on February 8 and that resulted in the city declaring a state of emergency on February 14, the Play ransomware group has claimed responsibility for the attack. Play does not indicate how much data they acquired, but threaten to…
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…