Rebecca Picciotto reports: Since June 5, The San Francisco Employees’ Retirement System (SFERS) has been confronted with a class-action lawsuit claiming negligence due to a data hack from February. Righetti Glugoski, a law firm located in San Francisco, is representing the plaintiffs. The case was brought to the firm by San Francisco resident Richard Goss….
Data breach at Mid-Michigan College endangers personal data of up to 16,000
Eric Baerren reports: A hacker penetrated Mid-Michigan College’s email system, compromising the accounts of 10 employees and compromising personal data of potentially up to 16,000 people. The data breach was announced in correspondence sent by MMC president Christine Hammond to the college community earlier this week, and in a public notice on Thursday. Read more…
Why weren’t patients told that their data was dumped publicly?
On May 13, DataBreaches.net reported that Ako ransomware operators revealed that they had attacked North Shore Pain Management in Massachusetts. The threat actors announced the attack and dumped some of the practice’s files when the medical practice did not pay their ransom demand. The data dump, consisting of more than 4 GB of more than…
UCSF updates progress recovering from ransomware attack
On June 4, I noted that NetWalker ransomware operators had reportedly added the University of California at San Francisco to their website where they name victims who have not paid their ransom demands. When I checked back today, I do not see UCSF still listed on NetWalker’s site, which is curious. But I also see…
Pennsylvania health system hit by NetWalker ransomware
NetWalker ransomware operators have added Crozer-Keystone Health System to their list of victims who have not paid their ransom demands. In a post on the threat actors’ website today, they note that they will start dumping data in six days if the Pennsylvania-based health system does not meet their demands. Their public threat does not…
Microsoft 365 phishing campaign exploits Samsung, Adobe, and Oxford University
Lance Whitney reports: Microsoft is a popular brand for cybercriminalsto impersonate in phishing campaigns. The company’s products are used by a vast number of people, both personally and professionally. Plus, gaining access to someone’s Microsoft credentials can open the key to an array of associated websites and services. One particular campaign analyzed by cyber threat intelligence…