So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…
Category: U.S.
St. Rose Hospital patient data appears on hacking forum (UPDATE1)
On December 20, a listing appeared on a popular forum that offered documents allegedly from St. Rose Hospital in Hayward, California. The listing was not a sales listing but rather a “demo data pack” listing of what was described as documents from a leak. The total leak allegedly contains 1.7 TB of files with: Financial…
Developing: Moroccan court orders extradition of alleged member of ShinyHunters to U.S.
Since July of 2022, DataBreaches has been reporting on the case of Sébastien Raoult, a young French national detained in Morocco on an Interpol Red Notice requested by the U.S. for alleged involvement in ShinyHunters. Yesterday, Morocco’s Court of Cassation notified Raoult that they signed the order for his extradition to the U.S. According to…
Hackers stole data from multiple electric utilities in recent ransomware attack
Sean Lyngaas reports: Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN. […] The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more…
Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark
Maggie Bashore has an article on ransomware attacks hitting Iowa school districts over the past three years that covers a lot of issues, including the costs of cyberinsurance over time and the difficulties smaller districts may have in meeting requirements to even get a policy. She reports, in part: Fringer advises 45 school districts in…
Sports betting operator BetMGM hit by data breach
Aishwarya Nair reports: Sports betting service BetMGM said on Wednesday personal information of its customers were obtained in an unauthorized manner, but did not specify the number of users affected. The issue affected customer information such as name, contact information, date of birth, hashed Social Security number, account identifiers and information related to transactions with…