Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…
OCR investigating Banner Health’s 2016 data breach
Evan Sweeney reports: Already fending off a class-action lawsuit, Banner Health is also the subject of an ongoing federal investigation into a June 2016 cyberattack that exposed patient data. The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) launched an investigation in the aftermath of the attack that exposed data for 3.7…
Six months after TheDarkOverlord attacked their district, School District 6 sends breach notification letters to parents
More than six months after the hacker or hackers known as TheDarkOverlord hacked and terrorized School District 6 in Columbia Falls, Montana, the district has sent parents breach notification letters revealing what they were able – and not able – to determine. Three versions of the March 19th letter, marked “Draft” and signed by Superintendent…
Former nursing home employee admits stealing residents’ credit card numbers
Sam Clancy reports: A 29-year-old woman who worked for a St. Louis County nursing home pleaded guilty to stealing credit card numbers from the home’s residents. Shaniece Borney pleaded guilty to a credit card fraud scheme while she worked at NHC Health Care in 2016 and 2017, a press release from the Department of Justice…
Here’s what you didn’t know about health data breaches in February
Protenus, Inc. has released its February Breach Barometer, with its analysis of 39 health data incidents compiled for them by this site. As I have done in companion posts to their previous reports, I am providing a list, below, of the incidents upon which their report is based. Where additional details are available, I have…
Expedia’s Orbitz says 880,000 payment cards hit in breach
Reuters reports: Orbitz, a subsidiary of online travel agency Expedia Inc (EXPE.O), said on Tuesday that hackers may have accessed personal information from about 880,000 payment cards. The unit said an investigation showed that the breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1,…