Zack Whittaker reports: A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned. The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in…
Category: U.S.
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible for breach notifications related to a massive February ransomware attack. The groups in a letter Monday asked the U.S. Department of Health and…
More than one year later, New Jersey school district reveals data breach with sensitive info
NJ 101.5 FM reports: A Monmouth County school district hid details about a cyber-attack for over a year. Only now are they revealing student’s sensitive personal data was compromised. Officials at Shore Regional High School District in West Long Branch began notifying families on Friday. On Monday they issued a public statement. […] Shore Regional…
Russian Access Broker “FlankerWWH” Indicted for Cybercrime Activities in New Jersey
A Russian citizen has been indicted for working as an “access broker” and selling unauthorized access to computer networks, including a victim company in New Jersey, U.S. Attorney Philip R. Sellinger, District of New Jersey. Evgeniy Doroshenko, 31, aka “Eugene Doroshenko”, aka “FlankerWWH,” aka “Flanker,” of Astrkhan, Russia, is charged by indictment with one count…
Superior Air-Ground Ambulance Service notifies more than 850,000 patients of cyberattack last year
Superior Air-Ground Ambulance Service, Inc. {“Superior”) has locations in five states: Illinois, Indiana, Ohio, Michigan, and Wisconsin. On May 10, they notified HHS of an incident affecting 858,238 patients. A notice on their website explains that they discovered unusual activity in their network in May 2023. “On June 23, 2023, the investigation determined that an…
Tx: CentroMed discloses a second data breach within one year (UPDATE 1)
In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…