WRAL reports: A data leak at the University of North Carolina at Chapel Hill has exposed more than 1,000 Social Security numbers. The university said human error played a role in tax forms that were sent to the wrong people. The leak happened in late January. It included names, addresses, Social Security numbers and tax…
Bits ‘n Pieces (Trozos y Piezas)
CL: BlackCat confirms attack on Fonasa DataBreaches recently reported a malware attack on Chile’s National Health Fund (FONASA). There is an update to report: In a chat on Tox, BlackCat confirmed to DataBreaches that they are responsible for the attack and they say that they will announce it soon on their leaks page. A spokesperson…
3,400 death registry records accessed in Hawaii Department of Health data security breach
We do not see many breach notifications from Hawaii, but KHON made us aware of this reminder to disable access when an external employee terminates employment: HONOLULU, HI – The Hawai‘i Department of Health (DOH) will send out notification letters regarding unauthorized access to the DOH Electronic Death Registry System (EDRS), by the end of…
SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors
Washington D.C., March 9, 2023 — The Securities and Exchange Commission today announced that Blackbaud Inc., a South Carolina-based public company that provides donor data management software to non-profit organizations, agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC’s…
Capitol Hill data breach more ‘extensive’ than previously known
Sean Lyngaas reports: A sweeping cybersecurity breach of congressional members’ private information was more extensive than previously known and affects not only House lawmakers and their staff but also Senate employees. The Senate sergeant-at-arms alerted Senate staff about the breach Thursday in an email obtained by CNN. The compromised data is “extensive,” and includes sensitive data such…
EPA Requires States to Address the Cybersecurity of Public Water Systems
Ashden Fein, Micaela McMurrough, Caleb Skeath, and Matthew Harden of Covington & Burling write: On March 3, 2023, the United States Environmental Protection Agency (“EPA”) published a memorandum requiring states to evaluate the cybersecurity of operational technology used by public water systems (“PWSs”) “when conducting PWS sanitary surveys or through other state programs.” EPA’s memorandum “interprets the…