Bill Toulas reports: Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. Flagstar is a Michigan-based financial services provider and one of the largest banks in the United States, having total assets of over $30 billion. Read more at Bleeping Computer.
Voicemail phishing emails steal Microsoft credentials
Jeff Burt reports: Someone is trying to steal people’s Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. This email campaign was detected in May and is ongoing, according to researchers at Zscaler’s ThreatLabz, and is similar to phishing messages sent a couple of years ago. This latest wave is…
Data allegedly from “Georgia Board of Education” up for sale on a forum?
Some data allegedly from the Georgia Board of Education was offered for sale on a hacking-related forum last week. But were they really from the state board of education? After DataBreaches started asking questions, the listing seems to have been removed. Last week, DataBreaches.net spotted a listing on a hacking-related forum that offered what was…
Indian government issues confidential infosec guidance to staff – who leak it
Simon Sharwood reports: India’s government last week issued confidential information security guidelines that calls on the 30 million plus workers it employs to adopt better work practices – and as if to prove a point, the document quickly leaked on a government website. Read more at The Register.
UK: Thousands of service families’ addresses and private information compromised after surge in security breaches at MoD
David Wooding reports: Defence chiefs were told to get a grip yesterday after a surge in security and data breaches. Thousands of service families have had addresses and private information compromised. Figures reveal more than a quarter of all blunders since 2010 took place in the last year — 559 in 2020-21, and 2,000 in…
Phelps Health notifies patients of MCG Health breach (and the lawsuits start…)
Add Phelps Care Regional Medical Center (“Phelps Health“) to any list of updates to MCG Health clients impacted by the MCG breach. Phelps’ notification indicates that it was alerted to the breach by MCG on April 22. Update: Phelps reported that 12,602 patients were impacted. As reported previously by DataBreaches, MCG Health uses March 25, 2022…