Brian Krebs reports: U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked…
Category: U.S.
New York Oncology Hematology notifying more than 128,400 employees and patients after phishing attack
Albany-based New York Oncology Hematology is notifying more than 128,400 employees and patients after discovering that 14 employees fell prey to phishing attacks in April. Although forensic invesgtigation did not find any clear evidence that attackers accessed employee or patient data in the employees’ email accounts, NYOH decided to notify everyone. As part of their web…
Family Tree Relief Nursery notifies families of ransomware attack
Some 2,000 clients of Albany-based nonprofit Family Tree Relief Nursery were notified by mail Thursday that unauthorized persons had accessed the organization’s computer programs between June and August. Executive Director Renee Smith said the organization’s computer was hacked by ransomware in late August. The incident briefly prevented staff from accessing client information. […] Smith recommended…
NY: St. John’s Episcopal Hospital/ Episcopal Health Services notifies patients after employee email accounts were hacked
From Episcopal Health Services: Episcopal Health Services recently discovered an incident that may affect the security of personal information of certain current and former patients. We take this incident very seriously and the confidentiality, privacy, and security of our information is one of our highest priorities. What Happened? On September 18, 2018 Episcopal Health Services…
HealthEquity, Inc. notifying 190,000 after two employee email accounts were hacked
Reading a notification that employee email accounts were hacked and customer or patient information may have been accessed is nothing particularly unusual these days. What is a bit surprising, however, is when a breached entity offers those affected five years worth of credit monitoring, remediation, and other services. And that’s exactly what HealthEquity, Inc. is doing….
NJ: Here, let me help you withdraw from all those pesky courses.
Andrew Kinney reports on a hack at Stevens Institute of Technology in New Jersey. Registration at Stevens is like high school sports. It involves waking up at seven in the morning to repeat mindless drills (furiously clicking through Web Self Services). It works with a class hierarchy — juniors trump sophomores who trump freshmen, with seniors…