So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal. In a letter to the New Hampshire Attorney General’s Office, counsel for TALX…
NC: Coastal Cape Fear Eye Associates notifies patients after ransomware attack
On February 1, Coastal Cape Fear Eye Associates in North Carolina notified HHS of a hacking incident that impacted 925 patients. Unlike many other ransomware reports where there is no clear evidence of PHI acquisition or compromise, in this incident, there was evidence of actual compromise, although no evidence of exfiltration. Here is the entity’s…
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…
One Plugin, Over 4,200 Victims – When Thousands of Government Websites Were Hijacked to Mine Monero
Rafia Shaikh reports: Thousands of websites around the world were targeted by cryptojackers over the weekend to mine Monero. The targets included websites run by the US and UK governments that were secretly hijacked by attackers to mine cryptocurrency using a compromised plugin, Browsealoud. Over 4,200 websites are in the victims list [link], including The City University of…
Ex-student suspect in Mississippi State University records tampering case
Therese Apel reports: According to Mississippi State University officials, one former student is the target of a search warrant in an investigation into university record tampering. MSU Chief Communications Officer Sid Salter told Logan Kirkland of the Starkville Daily News that the student graduated in December. The identity of the suspect and the nature of…
Data breach notification expected to become mandatory in NZ
Rob O’Neill reports: Privacy Commissioner John Edwards expects data breach notification to become mandatory in New Zealand as part of changes to the Privacy Act now being drafted by the Ministry of Justice. “Government has already agreed to bring our law up to speed with many of our comparative jurisdictions,” Edwards said. “It’s now well…