On October 6, DataBreaches reported a breach allegedly containing more than 600,000 lines of data on registered voters in D.C., where, according to the threat actors who listed it, each line represented one voter’s records. Although there may have been 600k lines of data as previously reported, the D.C. Board of Elections released a statement…
Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inmediata that protected health information (PHI) maintained by Inmediata was available online and had been indexed by search engines….
CISA Advisory: Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Alert Code: AA23-289A October 16, 2023 Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data…
KwikTrip all but says IT outage was caused by a cyberattack
Lawrence Abrams reports: Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions. Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois,…
Henry Schein Inc. discloses cyberattack
Newsday reports: Henry Schein Inc., Long Island’s largest publicly traded company, said that a “cybersecurity incident” it discovered Saturday affected some of its manufacturing and distribution businesses. “Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry…
Oklahoma City University data breach lawsuit dismissed
Jessy Edwards and Jon Styf provide an update to a previously reported class action lawsuit against Oklahoma City University: A judge dismissed an Oklahoma City University class action lawsuit regarding a data breach, saying the plaintiff did not show any injury or identity theft as a result of the breach. U.S. District Judge Timothy G….