From the no-need-to-hack-when-it’s-leaking dept., state edition, the North Carolina Department of Information Technology and Office of State Human Resources are notifying 84,860 current or former state agency employees that a file with their name and SSN was uploaded by mistake to a state intranet site accessed by more than 65,000 authenticated users: We are writing…
Category: U.S.
Data breach at US waste management firm exposes employees’ healthcare details
Emma Woollacott reports: A data breach at US waste management firm Waste Management Resources has exposed the healthcare information of current and former employees, as well as their dependents. The company says that on January 21, it discovered signs of suspicious activity. “We immediately launched an investigation, with the assistance of third-party forensic specialists, to determine…
Brooklyn Tech students uncovered a NYC schools data breach.
Pooja Salhotra reports: Teachers’ social security numbers, student academic records, and families’ home addresses are among the dozens of pieces of information a group of tech savvy high school students stumbled across on Google Drive this year. The documents — many of which contained confidential information — were leaked because of a quirk in the…
Morgan Stanley asks court to throw out data security lawsuit
Ryan W. Neal reports: Morgan Stanley has asked a New York federal court to throw out a class action lawsuit alleging the firm failed to properly wipe sensitive client information from decommissioned computer equipment that has since gone missing. The former clients cannot plausibly identify instances of personal data being accessed or misused, or any…
NC: Charlotte-Mecklenburg Schools email gaffe exposes medical info on 3,000 students
From the no-need-to-hack-if-it’s-leaking dept., WBTV reports: Charlotte-Mecklenburg Schools sent an email to hundreds of parents that included person and medical information of nearly 3,000 students. The CMS email was to confirm all students who were enrolled in the After School Enrichment Program (ASEP). It was sent out the afternoon of August 6 and went to…
Crytek confirms Egregor ransomware attack, customer data theft
Sergiu Gatlan reports: Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers’ personal info later leaked on the gang’s dark web leak site. The company acknowledged the attack in breach notification letters sent to impacted individuals earlier this month…