First, the good news (such as it is): a ransomware attack on Christus Health by Avos Locker has not impacted patient care. Now, the bad news: the threat actors acquired — and have already leaked — a lot of sensitive information on patients and employees. On May 11, Avos Locker added Christus Health to their…
Conti claims to have inside information on Costa Rica, escalates threats
DataBreaches previously reported on the situation in Costa Rica, where the government has declared a national emergency following a ransomware attack by Conti. What is of special note in this incident are Conti’s escalating threats in their attempt to get their ransom demands paid and the self-identification of the affiliate involved (who calls themself “unc1756”)….
Former top Republican lawmaker in Colorado received leak of voting data
Alexandra Ulmer reports: A former Republican minority leader of the Colorado legislature is among the recipients of a trove of sensitive voting data leaked by a county official working with activists seeking to prove President Donald Trump’s false stolen-election claims, according to court records reviewed by Reuters. The revelation indicates the breach of ballot data…
How criminals got away with hacking Pennsylvania unemployment accounts
Angie Moreschi reports: Paula Soffa is just one of the thousands of Pennsylvanians whose unemployment insurance account was hacked over the past year— not once, but twice. “They changed my password, they changed my username, and they changed my security questions,” Paula told 11 Investigates Angie Moreschi. “I was like what the heck! I was…
Texas Department of Insurance leak went undetected for three years — state audit
On April 5, DataBreaches reported: And then there’s the Texas Department of Insurance. They informed the Texas Attorney General’s office that 1,800,000 Texas were affected by a leak involving names, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workers’ compensation claims. Anyone who had claim…
PA: Ransomware group claims to have hit Mercyhurst University
You may need to add Mercyhurst University in Pennsylvania to any list of post-secondary educational entities hit by ransomware. SuspectFile notes that the university has not confirmed any breach and LockBit has not posted any proof (yet?). But SuspectFile notes the irony that one month after one of the university’s four colleges participated in Cyber…