Sergiu Gatlan reports: Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and…
Category: U.S.
VT: Rutland Regional Medical Center notifies patients after employee email accounts hacked
On Feb. 20, Rutland Regional Medical Center in Vermont posted a notice on its web site that says, in pertinent part: Rutland Regional Medical Center (“Rutland Regional”) recently discovered an incident that may affect the security of personal information of certain individuals who received care from its facility. We take this incident very seriously, and…
California CPA firm notifies clients after falling for a tech support scam
I’ve been told that at times, I can be tough on those who have had breaches. But I actually do feel sympathy for some victims. Read this notification from Martin Hutchison & Hohman, a firm of certified public accountants in Eureka, California. I found it actually painful to read. When conscientious people fall for scams,…
IRS employee charged with unlawful disclosure of SARs: Analyst Provided Information to a Los Angeles Attorney and a New York Reporter
SAN FRANCISCO – A federal criminal complaint, filed on February 4, 2019, was unsealed in San Francisco today, charging John C. Fry with unlawful disclosure of Suspicious Activity Reports, announced United States Attorney David L. Anderson and United States Department of the Treasury, Treasury Inspector General for Tax Administration (TIGTA), Special Agent in Charge Rod…
PA: Judge rejects claim by attorneys for former Franklin Regional student charged in cyberattack
Rich Cholodofsky has an update on a case that started in 2016. Evidence collected against a former high school student charged with launching a series of cyber attacks in 2016 that disabled computer systems throughout Westmoreland County can be used at her trial, a judge ruled on Wednesday. Common Pleas Judge Tim Krieger rejected a…
Kentucky Counseling Center notifies more than 16,000 patients after discovering suspected insider-wrongdoing breach
On February 11, Kentucky Counseling Center notified HHS of a breach impacting 16,440 patients. Using HHS’s coding system to report, the incident was reported as a case of unauthorized access/disclosure involving EMR. But on their site, KCC makes clear that they suspect a former employee of taking a list of patient information. The full notification…