Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
Category: U.S.
OKCPS confirms ransomware cyber-attack
Lili Zheng reports: Oklahoma City Public Schools have confirmed they are addressing a recent ransomware attack, compromising the district’s network. On Monday, OKCPS stated their network was “significantly compromised by a form of malware” and that the issue was “continuing to worsen.” Early Tuesday evening, an updated statement from the district confirmed that ‘form’ of…
Equitas Health notifies 569 members after discovering two employee email accounts had been compromised
Equitas Health, Inc. (“Equitas Health”) learned that it was the victim of a data incident and is notifying individuals whose information may have been affected. On January 8, 2019, Equitas Health became aware of unusual activity within an employee’s email account. Equitas Health conducted an internal investigation which revealed that an unauthorized individual had access…
Paterson Public Schools hacked, but when, and where are the data now? (UPDATE 1)
Jayed Rahman reports that Paterson Public Schools in New Jersey was hacked. The attacker allegedly acquired 23,103 account passwords and other computer access tokens. Information stolen in the breach includes desktop logins, email usernames and passwords, and laptop credentials. For example, the email usernames and passwords of all school district employees — including that of…
Twitter discloses a bug impacting collection and sharing of location data on iOS devices
Twitter’s online Help section has the following notice: You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances….
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…