Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inmediata that protected health information (PHI) maintained by Inmediata was available online and had been indexed by search engines….
CISA Advisory: Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Alert Code: AA23-289A October 16, 2023 Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data…
KwikTrip all but says IT outage was caused by a cyberattack
Lawrence Abrams reports: Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions. Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois,…
Henry Schein Inc. discloses cyberattack
Newsday reports: Henry Schein Inc., Long Island’s largest publicly traded company, said that a “cybersecurity incident” it discovered Saturday affected some of its manufacturing and distribution businesses. “Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry…
Oklahoma City University data breach lawsuit dismissed
Jessy Edwards and Jon Styf provide an update to a previously reported class action lawsuit against Oklahoma City University: A judge dismissed an Oklahoma City University class action lawsuit regarding a data breach, saying the plaintiff did not show any injury or identity theft as a result of the breach. U.S. District Judge Timothy G….
D-Link confirms data breach after employee phishing attack
Sergiu Gatlan reports: Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link’s D-View network management software, along with millions of entries containing personal information of customers and employees, including…