Some more analysis of 2023 breaches. Sophos reports that for more than 150 incident response (IR) cases it handled in 2023, cybercriminals abused remote desktop protocol (RDP) in 90% of attacks. This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020. In addition,…
Indian government’s cloud spilled citizens’ personal data online for years
Jagmeet Singh reports: The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to…
Proposed CorrectCare Breach Settlement Rejected Over Equitable Treatment
Christopher Brown reports: A proposed $6.49 million settlement of a lawsuit alleging that CorrectCare Integrated Health LLC failed to protect the personal information of 647,000 people in a January 2022 data breach was rejected by a federal court. Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates failed to show in their motion for settlement approval…
Ernest Health rehabilitation hospitals notify patients of ransom attack in January (2)
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient data that included names and at least one of “addresses, birth dates, medical record numbers,…
This may be the worst ID theft case you’ve ever read about
KCRG Staff report: A former Iowa City hospital administrator pleaded guilty on Monday to an identity theft scheme that spanned three decades and caused the victim to be falsely imprisoned for nearly two years. Officials said 58-year-old Matthew Keirans, from Hartland, Wisconsin, pleaded guilty to one count of false statement to a national credit union…
Hackers stole Russian prisoner database to avenge death of Navalny
Sean Lyngaas and Darya Tarasova report: Within hours of opposition leader Alexey Navalny’s death in February in a Russian prison, a group of anti-Kremlin hackers went looking for revenge. Using their access to a computer network tied to Russia’s prison system, the hackers plastered a photo of Navalny on the hacked prison contractor’s website, according to interviews with the…