Here we go again — another ransomware attack on a k-12 school district, and the threat actors may have obtained current — and very old — data on both students and personnel. Kudos to the district for promptly alerting their community as to the possibility and risks, but still, this is serious. So far, this…
UNC Hospitals Notifies Patients that Former Employee Used Patient Information for Personal Gain
CHAPEL HILL, N.C.–(BUSINESS WIRE)–UNC Hospitals announced that it has mailed letters to 719 patients whose information may be at risk for identity theft. On September 10, 2021, UNC Hospitals learned that one of its employees was using patient information for personal financial gain. The employee was responsible for handling payments from patients for services rendered…
Governments turn tables on ransomware gang REvil by pushing it offline
Joseph Menn and Christopher Bing broke the news yesterday: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. …. “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries,…
Thief Who Swiped 94,000 Credit Card Numbers At Michaels Stores In NY, NJ, CT, PA Sentenced
Jerry DeMarco reports an update to a breach previously covered extensively on this site over the past decade. A member of an ID theft ring that stole more than $600,000 from customers at Michaels stores in New York, Connecticut, New Jersey, Pennsylvania, and elsewhere was sentenced to 51 months in federal prison on Thursday. Jose “Tito”…
Ohio State University email gaffe creates a FERPA breach
An email gaffe due to not using bcc: instead of cc: or TO: revealed almost 400 Ohio State University students’ disability status to other students. Read the story on The Lantern. Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure needs…
Salt Lake IT worker arrested, charged with sharing info on undercover officers
Another really serious insider-wrongdoing breach, if the allegations are true. Hayley Crombleholme reports: Salt Lake City Police Chief Mike Brown called allegations that a city employee accessed the names of undercover officers, metro gang files, and other restricted documents “very concerning.” The man was identified in a probable cause document as Patrick Driscoll, an IT…