Jonathan Greig reports: Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure…
Category: U.S.
Securities and Exchange Commission Settles Charges Against Flagstar for Misleading Investors About Citrix Data Breach
ADMINISTRATIVE PROCEEDING File No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading…
Granite School District breach worse than the district has revealed — former employee (1)
Some former employees of Granite School District in Utah are reporting frustration and anger with the district’s incident response to an attack by the Rhysida group. One has written up what he found when he examined the publicly leaked data. On September 20, 2024, Granite became aware of suspicious activity on its network. An investigation…
Nebraska AG becomes first state to sue Change Healthcare over massive data breach
Aaron Sanderford reports: Nebraska on Monday became the first state to sue Tennessee-based Change Healthcare over the company’s massive data breach that cost at least 575,000 Nebraskans their personal information and medical records. … The breach was blamed on a low-level employee who had his or her login credentials hacked. Nebraska Attorney General Mike Hilgers…
Kitsap Mental Health Services breach impacted sensitive patient information (1)
Update: DataBreaches did not spot it earlier, but on December 12, Kitsap Mental Health Services posted a notice on its website about a cyberattack that it reportedly detected on October 17, 2024. Investigation revealed that on September 17 and between October 8, 2024, and October 19, 2024, there was unauthorized access to their network and…
Boston University and Feds Investigating Hacking of Framingham Heart Study Data
Molly Callahan reports: Boston University’s renowned Framingham Heart Study (FHS) was breached by hackers, who gained access to the data of participants—both living and deceased—of the country’s longest running, multigenerational heart study. BU officials say the hackers gained access to the study’s server, but that information technology specialists from BU and FHS were able to…