The San Francisco Employees’ Retirement System has been notifying people about a breach. From their notification, this explanation of what happened: The Retirement System contracts with vendors to provide SFERS members with on‐ line access to their account information. One of the vendors, 10up Inc., set up a test environment on a separate computer server…
CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub
The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal…
Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…
University of Utah patients notified after phishing incident compromised employee email accounts
David Wells reports: Some of University of Utah Health’s patients are receiving notice that their private information may have been compromised in a recent email security breach. According to U of U Health, some of its employees’ email accounts were compromised in phishing schemes, resulting in unauthorized access of those accounts between April 6 and…
IT Services Giant Conduent Suffers Ransomware Attack, Data Breach
Ed Targett reports: Conduent, a $4.4 billion by revenue (2019) IT services giant, has admitted that a ransomware attack hit its European operations — but says it managed to restore most systems within eight hours. Although Conduent didn’t name the ransomware, the Maze Team announced the breach on their site and provided some proof of their…
Maze Promotes Other Gang’s Stolen Data On Its Darknet Site
Doug Olenick reports: The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its “Maze News” website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups. IBM’s X-Force IRIS team, which has been tracking Maze, tells Information Security Media Group that…