The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some…
SC: In September, Roper St. Francis was busy sending notifications on two separate breaches
On September 3, ABC reported that Roper St. Francis was notifying 6,000 patients about a breach involving their protected health information. This week, you may have read that Roper St. Francis is notifying almost 93,000 patients. There are two unrelated incidents. The first involved the compromise of an employee’s email account in June that the…
US staffing firm Artech discloses ransomware attack, data breach
Sergiu Gatlan reports: Artech Information Systems, one of the largest US IT staffing companies, has disclosed a data breach caused by a ransomware attack that affected some of its systems during early January 2020. Artech is a privately-held firm with an estimated $810 million annual revenue run rate for 2019 and more than 10,500 employees and consultants…
Researcher kept a major Bitcoin bug secret for two years to prevent attacks
Catalin Cimpanu reports: In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue. Technical details were published earlier this week after the…
Even cybersecurity companies spill data and passwords
Danny Palmer reports: The business of cybersecurity companies is to keep users safe from hackers and cyber attacks but almost all cybersecurity providers have themselves had data leaked or stolen and published on dark web forums. Research by application security company Immuniweb found that nearly all of the top cybersecurity companies have had corporate data…
Singapore Says Grab’s Fourth Privacy Breach Is Concerning
Ameya Karve and Yoolim Lee report: Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc. In August 2019, an update of Grab’s mobile application exposed the personal data of more than…