Zack Whittaker reports on the Sitel compromise after not previously disclosed documents were obtained by independent security researcher Bill Demirkapi: The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that…
Category: U.S.
IL: Blessing details defenses amid increasing health system cyber-attacks
Ryan Hill reports: Hospitals and health systems are finding themselves in the crosshairs of cybercriminals more frequently. According to third party cybersecurity company Black Kite’s 2021 Third Party Breach report, attacks on healthcare companies accounted for nearly a third of attacks in 2021. Blessing Health information security chief Todd Haverstock said he has seen the number…
Data of 820,000 NYC students compromised in hack of online grading system: Education Dept.
Michael Elsen-Rooney reports: Personal data for roughly 820,000 current and former New York City public school students was compromised in the hack of a widely-used online grading and attendance system earlier this year, city Education Department officials said Friday, revealing what could be the largest-ever breach of K-12 student data in the U.S. Furious city…
Mansfield company hacked, personal information stolen
Oops — I missed this one last week. George W. Rhodes reported: The computer system of a Mansfield company that does background checks for employers was hacked and the perpetrators got away with the personal information of 164,000 people. Creative Services Inc., located on Pratt Street, was hit by hackers in November, according to The…
FBI: Ransomware hit 649 critical infrastructure orgs in 2021
Sergiu Gatlan reports: The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report. However, the actual number is likely higher given that the FBI only started tracking…
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…