ISD 728 in Minnesota was hit with a ransomware attack on November 23. On December 23, they mailed notification letters to those potentially affected. A copy of the letter was submitted to the Montana Attorney General’s Office and is embedded below: The district also posted a notice to families on their website: Statement Released to…
Category: U.S.
MI: Hope College Hit with $5M Class Action Lawsuit Over Data Breach
Gary Stevens reports that alleged late disclosure of a data breach has led to a lawsuit. The Holland Sentinel is reporting in Wednesday’s editions that class-action status has been requested by plaintiff Jennie DeVries of Holland for the litigation filed at US District Court for Western Michigan on Monday. In the lawsuit, DeVries claimed that…
For sale on eBay: A military database of fingerprints and iris scans
Kashmir Hill, John Ismay, Christopher F. Schuetze, and Aaron Krolik report: The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than…
NYS Comptroller DiNapoli Releases More School District Audits
Two more school district audits were released before the holiday. Nanuet Union Free School District – Network User Accounts and Information Technology Contingency Plan (2022M-135) Issued Date December 09, 2022 Background The District serves the Town of Clarkstown in Rockland County. The District is governed by an elected seven-member Board of Education (Board) that is…
Updating the Lake Charles Memorial Health System data breach
On Oct. 25, the Hive ransomware team notified Lake Charles Memorial Health System that they had been in their system for 12 days and had exfiltrated 270 GB of the hospital, employee, and patient data. As Hive informed the health system and DataBreaches, Hive had exfiltrated data but not locked it. They demanded $900,000 to…
“No need to hack when it’s leaking:” the “Here’s how you get a HIPAA complaint” edition
So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…