The gap from the disclosure of a data breach to the filing of a potential class-action lawsuit is often a matter of weeks (or less), although a lot of lawsuits are dismissed for lack of Article III standing (see a 2021 review of data breach litigation here). In March, in-home respiratory care provider SuperCare…
Category: U.S.
About 1,700 MetroHealth patients affected by data breach
Jordan Unger reports: The MetroHealth System confirmed Wednesday that about 1,700 patients were affected by an accidental data breach. According to MetroHealth, the issue occurred during an upgrade to their electronic medical record system on Nov. 13. When MetroHealth sent out records to some of their patients, the name, date of service and provider name of…
T-Mobile Tried To Pay Hackers To Buy Leaked Customer Data Back
Abhishek Mishra reports on one of the revelations in court filings related to the arrest of the owner of RaidForums and the takedown of the forum: T-Mobile, one of the largest phone carriers in the U.S., tried to pay the hackers to get back its customer data leaked in a previous breach. The move backfired…
Update: No sensitive data taken during District 518 cybersecurity breach
On March 8, Kari Lucin at The Globe reported that District 518 in Minnesota had confirmed a data breach involving an employee’s email account, but didn’t anticipate a big problem. Yesterday, Lucin followed up with the district’s confirmation that no personal information or data had been taken or used in the February incident. An investigation…
LockBit ransomware gang lurked in a U.S. gov network for months
Bill Toulas reports: A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations….
Update to Christie Clinics breach disclosure
On March 25, Christie Business Holdings Company, P.C. (“Christie Clinic”) disclosed a breach. As DataBreaches.net reported the next day, the clinic reported that an unauthorized actor had gained access to one business email account between July 14, 2021 and August 19, 2021. Christie’s investigation indicated that the intent of the attacker may have been to…