A school contractor that provides online registration so students can sign up for AP and PSAT exams misconfigured their cloud storage, exposing students’ and parents’ personal information. A number of school districts or schools contract with a firm in Colorado called Total Registration, who, according to their web site, registered more than 525,000 students from…
Augustana Colleges reports a ransomware attack
Add Augustana College to the list of educational institutions getting hit by ransomware. You can read their notification here, although it’s not clear from the notice whether it was student data, employee data, or both that was on the affected server. Nor is it clear how many people had data on the server in question….
Lest we forget physical security, too
It’s easy to lose interest in low-tech data theft or compromise when we have topics like ransomware and extortion to consider. But physical security of paper records is still something that cannot be taken too casually, as this notice from Bloodworks Northwest reminds us. Was the document stolen or did it just get thrown out…
Database With Millions of Indian Personal Records Exposed and Hijacked
Bob Diachenko writes: On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: Name Email Gender Education level and area of speciazliation Professional skills / functional area Mobile phone number Employment history and current employer Date of…
Spectrum Health Lakeland notifies patients after billing vendor breach
I’m not finding anything on their web site just yet, but Spectrum Health Lakeland has reportedly been notifying patients about a breach involving their billing provider, OS Inc. WSJM reports that the health system learned of the breach on March 8 after an OS employee’s email account containing patient information was accessed without authorization. The information…
2019 Verizon Data Breach Investigations Report (DBIR) is Out
This year, Verizon’s DBIR is based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. You can read the Executive Summary here, or read the full report here. There are some data in it that may raise an eyebrow or…