On July 21, the DoppelPaymer ransomware threat actors added Amphastar Pharmaceuticals to their leak list. They also uploaded a number of files as proof of access and exfiltration. It was because of that listing that Amphastar eventually discovered that employee data had been stolen in a May attack. On August 27, Amphastar sent notification letters…
Category: U.S.
Rocky Mount hit by ransomware, investigating and trying to recover
Add Rocky Mount, North Carolina to the list of governments hit by ransomware. As of Aug. 28, they didn’t seem to yet know too much, as WITN reported: Rocky Mount leaders are trying to get the city’s network back on track after facing a cyber attack. The city is in the process of confirming what…
CA: Selma Unified hit with ransomware attack
Fox26 News reports: Selma Unified School District says it was hit by hackers. The attack happened overnight locking up some of the systems Friday including the student information system. Read more on Fox26. Note that this is Selma, California, and not Alabama.
Utah Pathology Services notifying more than 110,000 patients of data breach
From Utah Pathology Services, part of the security incident notice: On June 30, 2020, we learned than an unknown third party attempted to redirect funds from Utah Pathology. This suspicious activity did not involve any patient information, or the completion of any financial transactions. Upon discovery of the attempted fraud, Utah Pathology quickly secured the…
Cisco engineer resigns then nukes 16k WebEx accounts, 456 VMs
Sergiu Gatlan reports: A former Cisco employee pleaded guilty to accessing the company’s cloud infrastructure in 2018, five months after resigning, to deploy code that led to the shut down of more than 16,000 WebEx Teams accounts and the deletion of 456 virtual machines. According to a plea agreement filed on July 30, 2020, 30-year-old…
Morgan Stanley Is Sued Over Data Breaches Tied to Missing Equipment
Melanie Waddell reports: Morgan Stanley is embroiled in a class-action lawsuit over two separate data breaches involving missing equipment that exposed clients’ personal identifiable information — including Social Security and account numbers — to third parties. The case, brought by a retirement account client and filed in the U.S. District Court for the Southern District of New York…