More details have emerged on a breach initially disclosed in July. CTV reports: Saskatchewan’s justice ministry is investigating a privacy breach in which an employee at a private SGI licence issuer in Vonda accessed information on thousands of people. A report from the province’s privacy commissioner states the breach involved an employee at Hometown Insurance…
Study Finds Companies May Do Too Much For Data Breach Victims
Joseph J. Lazzarotti writes: A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which…
In Break From Usual, Threat Actors Use RAT To Steal POS Data
Jai Vijayan reports: Memory-scraping tools that surreptitiously copy and export data from running processes have pretty much been the only malware that threat actors have used in recent years to steal credit and debit card data from Point-of-Sale (POS) systems. But that doesn’t mean that other options don’t exist. Security vendor SecureWorks this week said…
The Medical Reports Of 43,000 People, Including HIV Patients, Were Accidentally Released Online
Pranav Dixit reports: The medical records of over 43,000 people have been accidentally made public after being put online by a pathology lab in Mumbai. The reports contain confidential details like names, addresses, dates of birth, and blood test results. They also include details of patients who have had blood tests done for HIV detection….
Sagewood notifies 863 employees and residents of cyber attack
LCS Westminster Partnership IV, LLP d/b/a Sagewood, is reporting what they describe as a ransomware attack without any ransom demand: Sagewood, a retirement community located at 4555 E Mayo Blvd. in Phoenix, has notified 800 current and former residents and the Department of Health and Human Services of a cyber breach. Sagewood promptly investigated the…
Data breach exposed locations of oil industry explosives, handler credentials
Dell Cameron reports: A misconfigured storage device discovered by a security researcher in October left exposed thousands of internal files belonging to an explosives-handling company. The files, which have since been secured, reportedly included details about facilities in three U.S. states where explosives are stored. The leaky file repository belonged to Allied-Horizontal Wireline Services(AHWS), a leading wireline company…