When reviews of data breaches in the education sector are written for 2023, they will almost certainly mention the 2022 attack on the Los Angeles Unified School District that wasn’t fully disclosed until 2023 and the Minneapolis Public Schools breach. Both of those incidents involved threat actors leaking sensitive information on students. But any 2023…
Category: U.S.
Hackers Accessed 632,000 Email Addresses at US Justice, Defense Departments
Ari Natter reports: A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request. The report, by the US…
Stanford University Investigating “Cybersecurity Incident” (1)
Stanford University issued a statement yesterday: The security and integrity of our information systems are top priorities, and we work continually to safeguard our network. We are continuing to investigate a cybersecurity incident at the Stanford University Department of Public Safety (SUDPS) to determine the extent of what may have been impacted. Based on our…
Six months after data security incident, Fredericksburg Foot & Ankle Center notifies patients (1)
On October 24, the Fredericksburg Foot & Ankle Center (FFAC) in Virginia began mailing breach notification letters to almost 15,000 patients affected by a cyberattack. The letter’s “What Happened?” section simply stated, “As a result of a recent data security incident, an unauthorized person accessed our computer systems.” It did not mention ransomware or any…
Hackers escalate: leak 200k CCSD students’ data; claim to still have access to CCSD email system
Clark County School District (CCSD) in Nevada informed parents and employees that they became aware of a “cybersecurity incident” on October 5. Three weeks later, the district had not fully recovered from the attack and parents were complaining about the district’s lack of transparency about what was stolen in the breach. Disturbingly, while the district…
MO: ‘Cyber attack’ hits Reeds Spring schools. Data breach includes Social Security numbers
Claudette Riley reports: The Reeds Spring school district has notified employees and families that it was the “victim of a sophisticated cyber attack” that involved the unauthorized access — and acquisition — of district and personal data. They were told that names, dates of birth, Social Security numbers, health insurance information and even class lists may have…