One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia. Mind & Motion offers various types of therapeutic modalities. On September 30th, 2018, they discovered that their server had been attacked with ransomware. In a notification to patients, they write: We have…
Breaches have consequences: Finnish trafi safety boss resigns over privacy breach
YLE reports: The head of the Finnish Transport Safety Agency Mia Nykopp has resigned after a privacy breach that allowed details about every driver in the country to be easily accessible online. […] Since July it has been possible to view details of every driver’s license online, and to check if they have a valid license. Trafi shut…
ASI Computer Systems notifies customers after discovering support site compromise of login credentials
ASI Computers is notifying some of their customers after discovering on November 1, 2018 that usernames and passwords on a support web site had been hacked prior to December 2016. From their notification to California: ASI confirmed which credentials had been exposed by the following day, November 2, 2018. ASI determined the affected credentials related…
San Bernardino Community College District notifies students whose personal info was exposed in spreadsheet gaffe
Errors involving spread sheets continue to contribute to breaches. Consider this description in a notification from San Bernardino Community College District – Crafton Hills College Campus. The breach occurred on October 25: What HappenedWe recently learned that a District employee inadvertently sent a spreadsheet containing certain individuals’ information to a community college distribution list. Although the…
Ticketmaster tells customer it’s not at fault for site’s Magecart malware pwnage
From the maybe-if-we-just-say-it’s-not-our-fault? dept, Gareth Corfield reports: Ticketmaster is telling its customers that it wasn’t to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page. In a letter to Reg reader Mark, lawyers for the controversy-struck event ticket sales website said that Ticketmaster “is…
It is with a heavy heart that we must inform you hackers are targeting ‘nuclear, defense, energy, financial’ biz
Shaun Nichols reports: Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that’s hiding behind North Korean code. Discovered by McAfee and dubbed “Sharpshooter”, the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis…