Your Patient Advisor by Captify started notifying people in mid-December of a security breach that occurred in 2019 and continued for years. Captify Health (“Your Patient Advisor”) is an online retailer of colonoscopy preparation kits. In March of 2021, they were contacted about the fraudulent use of consumer credit cards potentially related to their payment…
Category: U.S.
Identity Thieves Bypassed Experian Security to View Credit Reports
Brian Krebs reports: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s…
Des Moines Public Schools cancels Tuesday classes after cybersecurity attack
Samantha Hernandez reports: Des Moines Public Schools has canceled all classes for Tuesday after officials took the district’s internet and network offline Monday morning following what they described as “unusual activity” that was later determined to be an apparent cybersecurity attack. The district issued an announcement Monday afternoon saying offices will be open but staff may be…
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were…
Oregon workers’ compensation claimants and policyholders may have had their personal information hacked
Mike Rogoway reports that Oregon’s worker’s compensation insurer, SAIF Corp., experienced a breach in October that potentially compromised policyholders’ information and workers’ compensation claimants’ personal and medical information. On their breach-related site maintained for them by IDX, SAIF explains that on October 24, there was a brief period during which an unauthorized individual or individuals…
What Twitter’s 200 million email leak really means
Lily Hay Newman reports: After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network…