A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Lockbit group.” If those who exfiltrated the data had no association with LockBit, why was the listing on LockBit’s site?…
Category: U.S.
City of Hope updates a breach disclosure, reports 827,149 patients affected in ransomware attack last year
City of Hope updated its breach disclosure. DataBreaches can now reveal some previously undisclosed details about the 2023 incident. In December 2023, City of Hope, a cancer treatment center in Duarte, California, notified HHS that it had experienced a breach. Its report indicated that “501” patients had been affected, but this was just a marker…
Proposed CorrectCare Breach Settlement Rejected Over Equitable Treatment
Christopher Brown reports: A proposed $6.49 million settlement of a lawsuit alleging that CorrectCare Integrated Health LLC failed to protect the personal information of 647,000 people in a January 2022 data breach was rejected by a federal court. Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates failed to show in their motion for settlement approval…
Ernest Health rehabilitation hospitals notify patients of ransom attack in January (2)
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient data that included names and at least one of “addresses, birth dates, medical record numbers,…
This may be the worst ID theft case you’ve ever read about
KCRG Staff report: A former Iowa City hospital administrator pleaded guilty on Monday to an identity theft scheme that spanned three decades and caused the victim to be falsely imprisoned for nearly two years. Officials said 58-year-old Matthew Keirans, from Hartland, Wisconsin, pleaded guilty to one count of false statement to a national credit union…
More than two years after a breach, AT&T resets account passcodes after customer records leak online
Zack Whittaker reports: Phone giant AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned. The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could…