East River Medical Imaging recently sent out notices to 605,809 patients concerning a breach in September. According to a patient notice posted on its website, on September 20, 2023, the New York medical practice identified suspicious activity within its IT network. We immediately initiated our incident response process, began an investigation with the assistance of…
Category: U.S.
23andMe data breach: Hackers accessed data of 6.9 million users
Catherine Stoddard reports: 23andMe, a company that does genetic testing and traces ancestry through shared DNA, confirmed to FOX TV Stations on Monday that hackers accessed personal data of about 0.1% of customers, which amounts to roughly 14,000 people who have used 23andMe. Hackers were able to breach those accounts because the customers had used the same username…
AlphV claims they have started contacting some of Tipalti’s clients (1)
Following up on a somewhat atypical strategy to monetize an alleged attack on Tipalti, AlphV updated their leak site post today. It now reads: We are systematically reaching out to affected clients of Tipalti, the first batch (consisting of organizations with the most data exfiltrated), have been sent communications requesting initial contact. We will immediately…
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
Kevin Beaumont writes: How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance owns Ongoing Operations LLC, and provides a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp platform was not patched for CitrixBleed, as no Netscaler…
Former Public School Information Technology Manager Charged with Damaging School’s Computer Network
From the U.S. Attorney’s Office in Massachusetts on November 29: BOSTON – An Ayer man was charged today and agreed to plead guilty in connection with a June 2023 cyberattack targeting the computer network of his former employer, an Essex County public high school. Conor LaHiff, 30, was charged in an Information with one count…
AlphV claims an attack before even alerting the victim. How will that work out for them? (1)
So AlphV (aka BlackCat) is trying something different again, it seems. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim’s cyberinsurance policy does not cover extortion,…