Zack Whittaker reports: Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company…
Nigerian Man Sentenced to Three Years in Prison for Computer Hacking Scheme that Targeted Government Employees
Almost one year after a Nigerian national was extradited from Canada and charged with defrauding vendors of office products by “phishing” e-mail login information from government employees, Olumide Ogunremi, a/k/a “Tony Williams,” was sentenced in federal court in Newark. The sentence was announced by the U.S. Attorney’s Office for the District of New Jersey. Ogunremi…
HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
A second big settlement from HHS this week (you can find the first one here). HHS’s press release concerning a case that was previously reported on this site in 2014 follows. The incident also resulted in a class action lawsuit that was settled in 2019. CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the…
AL: St. Clair County is latest victim of cyberattack
WBRC reports: St. Clair County Commission Chairman Paul Manning said the county is a victim of a cyberattack, but no data has left the system. Manning said on September 21, 2020, around 7:00 p.m., St. Clair County was the target of the cyberattack. The county immediately began taking actions to mitigate and remediate any hardware…
Big Game Hunting: Now in Russia
Rustam Mirkasymov and Oleg Skulkin of Group-IB write: The email raised no suspicions. An employee of a Russian medical company boldly clicked on the link and downloaded the attached ZIP archive. The message with the subject “Bill due” looked like it had been sent by the Finance Department of a large Russian media holding, the…
Shopify says two ‘rogue’ employees involved in data breach to obtain customer records
The Canadian Press reports: Shopify Inc. is working with the FBI after two “rogue members” of its support team engaged in a scheme to illegitimately obtain customer transactional records of some merchants. The Ottawa-based tech firm says it terminated the employees’ access to its network and referred the data breach to law enforcement. Read more…