Barb Ickes writes: The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox. I didn’t read it. Finding it in my email felt wrong enough. But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost…
Category: U.S.
KY: Livingston County Schools teachers, staff fear identity theft
Blake Stevens and Randall Barnes report: Many teachers, bus drivers, custodians, and other school staff in Livingston County fear their identities may have been stolen. Superintendent Victor Zimmerman apologized Monday night for unknowingly posting payroll information with social security numbers on the Livingston County school district’s website. The breach was part of an attachment for…
Idaho Transportation Department email hack may have exposed truckers’ private information
EIN reports: A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposed the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. State Information Security Director Jeff Weak said ITD’s Division of Motor Vehicles has identified and notified about 140 individuals and…
AMP Global Clearing LLC fined for lax security
A monetary penalty resulted from a misconfigured backup uncovered by Chris Vickery, who was then with Kromtech Security. It was reported publicly in April, 2017 by a number of outlets, including The Daily Dot. This was one of those cases where a vendor’s mistake turned out to be costly. The Commodity Futures Trading Commission (CFTC)…
NC: Coastal Cape Fear Eye Associates notifies patients after ransomware attack
On February 1, Coastal Cape Fear Eye Associates in North Carolina notified HHS of a hacking incident that impacted 925 patients. Unlike many other ransomware reports where there is no clear evidence of PHI acquisition or compromise, in this incident, there was evidence of actual compromise, although no evidence of exfiltration. Here is the entity’s…
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…