SecurityWeek
Omni Hotels Says Personal Information Stolen in Ransomware Attack
Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group.
DataBreaches
Developing: AlphV allegedly scammed Change Healthcare and its own affiliate
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV...
DataBreaches
Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A...
The Cyber Express
Thales Defense Contractor in Hot Water: Alleged Data Breach Traced to USDoD Hacker
In a recent cyber incident, a hacker associated with high-profile breaches including those of the FBI and Airbus, has purportedly
DataBreaches
Pharmaceutical giant Cencora reports cyberattack
Joe Warminsky reports: Global pharmaceutical corporation Cencora reported on Tuesday that it recently discovered that intruders had stolen data from its...
DataBreaches
Yes, Change Healthcare breach was us — BlackCat
Zack Whittaker reports that the ongoing cyberattack at Change Healthcare has been confirmed as a ransomware attack, with executives of the firm linking it to...
DataBreaches
loanDepot notifying 17 million customers after ransomware attack in January
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in...
DataBreaches
Zalkin law firm settles suit by clients whose sex abuse details were hacked by BlackCat
The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained...
DataBreaches
True or false, Friday law enforcement edition
From today’s update to the LockBit3.0 blog, now under the control of law enforcement, we read claims that law enforcement knows who and where LockBitSupp...
DataBreaches
Change Healthcare responding to cyberattack; few details known at this point
Early yesterday, Change Healthcare reported that they were experiencing enterprise-wide connectivity issues. They didn’t call it a cyberattack at that...
DataBreaches
HHS’ Office for Civil Rights Settles Second Ever Ransomware Cyber-Attack for $40,000 and a Corrective Action Plan with OCR Monitoring
HHS OCR has announced a second enforcement settlement in a ransomware case. The 2019 breach involving Green Ridge Behavioral Health managed to fly mostly under...
DataBreaches
Grace Lutheran Communities attacked by BlackCat; employee and resident data acquired
Grace Lutheran Foundation, which does business as Grace Lutheran Communities in Wisconsin, offers a variety of services including rehabilitation services,...
DataBreaches
Update to the Tic Hosting Solutions data incident
On April 30, DataBreaches reported an alleged data breach involving TorchByte (formerly known as Tic Hosting Solutions). At the time, DataBreaches had been...
DataBreaches
Updating: Prince George’s County Public Schools breach affected almost 100,000
In August 2023, Prince George’s County Public Schools disclosed a cyberattack. At the time, they reported that “an estimated 4,500 user accounts out of...
DataBreaches
Update on INTEGRIS Health data breach: incident response criticized by patients
In December, INTEGRIS Health disclosed a cyberattack in November in which threat actors contacted patients directly to extort them when INTEGRIS wouldn’t...
DataBreaches
Two hosting companies in Romania had what appear to be unrelated breaches. Did either one ever issue a public notice?
In April 2023, DataBreaches reported on an alleged incident involving TIC Hosting in Romania. No one from TIC Hosting ever responded to inquiries from this...
DataBreaches
Was BrightStar Care attacked by two different groups — or was there only one breach?
On January 24, DataBreaches was contacted by a spokesperson for AlphV (“BlackCat”) to see if this site would be interested in reporting on a breach...
DataBreaches
Washington State Appeals Court to hear data breach lawsuit against Chelan Douglas Health District
KPQ reports: The Washington Appeals Court will hear a case from two people suing Chelan Douglas Health District over a security breach. The Health District...
DataBreaches
Hackers Stole $7.5 Million in Grant Money From US Health Department
Riley Griffin reports: Hackers stole millions of dollars in grant money from the Department of Health and Human Services last year in a series of attacks,...
DataBreaches
Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
Just days after prosecutors in the Eastern District of Virginia recommended that Conor Fitzpatrick, aka “Pompompurin,” be sentenced to at least 15...
DataBreaches
Primary Health & Wellness Center, LLC’s public notice of ransomware incident
In the process of researching breach reports submitted to HHS, DataBreaches came across a public notice for an incident affecting Primary Health & Wellness...
DataBreaches
Raptor Technologies’ unsecured blob exposure was worse than they acknowledged. Here’s what we know — and don’t know — so far.
On January 11, DataBreaches noted a concerning blob exposure discovered by Jerome Fowler and first reported by vpnMentor. As WIRED’s Matt Burgess...
DataBreaches
Ransomware attack targets global Lutheran group
YLE reports: The Lutheran World Federation (LWF) has fallen victim to cyber extortion, Finnish news agency STT reports on Sunday. The Finnish Evangelical...
DataBreaches
Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and...
DataBreaches
Family Healthcare notifying patients of November 2022 breach at Brady Martz & Associates
On September 8, Brady Martz & Associates in North Dakota disclosed a data breach in November 2022 that reportedly affected more than 53,000 individuals...
DataBreaches
US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak
Matt Burgess reports: Thousands of emergency planning documents from US schools—including their safety procedures for active shooter emergencies—were...
DataBreaches
Follow-on extortion campaign: confirmation of some findings by Arctic Wolf
Bill Toulas of Bleeping Computer reported on a recent Arctic Wolf Labs investigation that caught my eye. Arctic Wolf investigated two cases where victims of...
DataBreaches
Sébastien Raoult sentenced in federal court; could be out in less than 11 months
Earlier today, French natural Sébastien Raoult learned his sentence in federal court in Seattle. Raoult, aka “Sezyo,” had been detained in...
DataBreaches
Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
On August 1, DataBreaches noticed that Parathon by JDA e-Health had been listed on the Akira ransomware leak site. Neither Akira nor Parathon responded to...
DataBreaches
Happy New Year 2024
On January 1, 2009, DataBreaches posted its first “Happy New Year” post. If you had asked me to predict if I’d still be posting breaches on...
DataBreaches
Recent attacks on Fred Hutch and Integris: Is attempting to extort patients directly becoming the “new normal?”
DataBreaches previously reported a breach involving Integris Health in Oklahoma. The incident did not involve encryption, but the threat actors were reportedly...
DataBreaches
Integris Health notifying patients of hack and warning them not to respond to the hackers
On December 24, Integris Health of Oklahoma started contacting patients about a cyberattack on November 28. The unnamed threat actors did not encrypt any of...
DataBreaches
ProSmile issues breach disclosure that creates more questions than it answers
On December 22, ProSmile Holdings, LLC in New Jersey issued a press release about a data breach. If ProSmile — a dental service organization — is a...
DataBreaches
Clay County, Minnesota discloses ransomware attack in October
On December 22, Clay County published a notice on its website about a ransomware attack in October. According to its notice, on October 27, 2023, the county...
DataBreaches
BSNL experiences data breach, hacker shares some information on the dark web
Myind reports: India’s state-owned telecom operator, Bharat Sanchar Nigam Ltd (BSNL), experienced a substantial data breach, placing the personal...
DataBreaches
College of the Canyons alerts employees to third-party ransomware attack
Tyler Wainfeld reports: College of the Canyons is communicating with more than 2,400 affected personnel after an unauthorized data breach through its insurance...
DataBreaches
Self-proclaimed hackers take credit for computer problems at Liberty Hospital
Andy Alcock reports from Missouri: A blackmail message from an apparent hacker appears to be the reason Liberty Hospital computer systems crashed Tuesday. KMBC...
DataBreaches
The Five Families disrupted after SiegedSec hacked; SiegedSec thrown out, Blog Hijacked
AlphV wasn’t the only group experiencing some disruption this week In August, “The Five Families” announced the collaboration of ThreatSec,...
DataBreaches
If at first you don’t succeed, screw it up again?
In mid-November, DataBreaches reported that AlphV threat actors had added MeridianLink to their leak site. When their victim wouldn’t pay them, AlphV...
DataBreaches
Troubling attacks on medical sector continue: cancer center’s data leaked, specialty infusion pharmacies locked?
Attacks on the medical sector continue. Fred Hutchinson Cancer Center This week, the group known as Hunters International claimed responsibility for an...
DataBreaches
Update: Fred Hutch Cancer Center attack claimed by Hunters International
On December 8, DataBreaches reported that Fred Hutchinson Cancer Center had been the victim of a ransomware attack and that the then-unnamed threat actors were...
DataBreaches
Delta Dental says data breach exposed info of 7 million people
Bill Toulas reports: Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a...
Bleeping Computer
Norton Healthcare discloses data breach after May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.
DataBreaches
CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has...
DataBreaches
Seeking clarification on Maine’s data breach notification statute
If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches...
DataBreaches
AlphV claims they have started contacting some of Tipalti’s clients (1)
Following up on a somewhat atypical strategy to monetize an alleged attack on Tipalti, AlphV updated their leak site post today. It now reads: We are...
DataBreaches
Hackers steal IDF patient records from cyberattack on Israeli hospital (corrected)
The Jerusalem Post reports: Over 500 gigabytes of data, including hundreds of thousands of IDF medical records were allegedly stolen by Iran-linked hackers...
DataBreaches
AlphV claims an attack before even alerting the victim. How will that work out for them? (1)
So AlphV (aka BlackCat) is trying something different again, it seems. This time, it seems they are claiming a victim before they have even attempted to...
DataBreaches
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University)
Yet another notification letter provides an example of why we need legislation requiring more transparency in disclosures. A DataBreaches.net OpEd. ...
DataBreaches
If you’re in Rock County, Wisconsin, do NOT read this post. Absolutely do not read this post.
If you’re in Rock County, Wisconsin, it seems your Information Technology Director and Corporation Counsel do not want you to know certain things about...
DataBreaches
PA: Great Valley School District Falls Victim to Ransomware Attack
As DataBreaches noted yesterday on infosec.exchange, the Medusa ransomware gang claims to have hit Great Valley School District in Pennsylvania. They provide a...
DataBreaches
Pacific Cataract and Laser Institute confirms cyberattack
Pacific Cataract and Laser Institute (PCLI) is dealing with a cyberattack that LockBit claimed responsibility for. An undated notice on its website...
DataBreaches
Proliance Surgeons notifying 437,392 patients after ransomware attack earlier this year
On November 17, Proliance Surgeons notified HHS that 437,392 patients were affected by a breach. An undated notice on their website explains that it was a...
DataBreaches
Hacker breaks silence following a decade behind bars in Cybernews documentary
DataBreaches first reported on Jesse William McGraw of Arlington, Texas, a/k/a “GhostExodus,” was when he was arrested by the FBI in June 2009 and then...
DataBreaches
North Texas Municipal Water District hit by ransomware attack
The Municipal Water Authority of Aliquippa in Pennsylvania recently reported a cyberattack that appeared to be by an Iranian-backed group, “Cyber...
DataBreaches
Ransomware group leaks data allegedly from Granger Medical Clinic
On November 24, the NoEscape ransomware group added Granger Medical Clinic in Utah to their leak site. As proof, NoEscape provided a filetree and screenshots...
DataBreaches
Ransomware gang claims to have stolen Crystal Lake Health Centers data
Crystal Lake Health Centers (CLHC) provides comprehensive medical care in 11 healthcare clinics in Michigan. On some date as yet unknown to DataBreaches, they...
DataBreaches
Mission Community Hospital issues notification for May 1 ransomware attack
Deanco Healthcare LLC, which does business as Mission Community Hospital (MCH) in California, has issued a breach notification about a ransomware attack it...
DataBreaches
Meow Leaks claims attack on Vanderbilt University Medical Center (3)
Meow Leaks has added Vanderbilt University Medical Center (VUMC) in Tennessee to their leak site, and has dumped what they claim is 100% of the data...
DataBreaches
Welltok data breach exposes data of 8.5 million US patients
Bill Toulas reports: Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after...
DataBreaches
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the...
DataBreaches
Canadian Government Announces Data Breach, Urges Public Service Employees to Take Action
Stacey Scott reports: The federal government has issued a warning to current and former public service employees, as well as members of the RCMP and Canadian...
DataBreaches
Does claiming you were hacked when you had really just screwed up violate the FTC Act?
On November 12, DataBreaches published an OpEd, If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures...
DataBreaches
NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate
Over on SuspectFile, Marco A. De Felice reports that the NoEscape ransomware gang is threatening to release 1.5 TB of data from PruittHealth Network. De Felice...
DataBreaches
Was Yakima Valley Radiology the victim of a cyberattack? They’re not answering that.
On September 24, Karakurt threat actors added Yakima Valley Radiology PC to their leak site. Their listing claimed that they acquired 9.31 GB of files...
DataBreaches
States settle with Morgan Stanley for $6.5 million over data security incidents
In addition to Florida, represented by Consumer Protection Division Multistate and Privacy Bureau Chief Patrice Malloy and Senior Assistant Attorney General...
DataBreaches
Systems East, Inc. notifies 209,000 consumers after database with some payment card info was hacked
It’s not often DataBreaches reads a breach disclosure that reports the theft of already-encrypted data, but a notification by Systems East, Inc. (SEI) in...
DataBreaches
Alleged Extortioner of Psychotherapy Patients Faces Trial
Brian Krebs reports: Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with...
DataBreaches
We seldom see breach reports from Nebraska, so here are two.
When DataBreaches compiles statistics on health data breaches for Protenus’s annual Breach Barometer, Nebraska generally has fewer than 10 breaches per...
DataBreaches
Is a new ransomware group’s listing for Decatur Independent School District linked to an attack in September?
Decatur Independent School District in Texas was added to Inc Ransomware’s leak site on Wednesday. There is no summary or description of what the...
DataBreaches
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for...
DataBreaches
NoEscape gang adds two more medical entities to their leak site
The NoEscape ransomware gang claims to have attacked two more medical entities. The first one is Southeastern Orthopaedic Specialists, P.A. in North...
DataBreaches
Property management firm Homeland, Inc. allegedly hacked, hackers claim to have hundreds of thousands of SSN of tenants
Hunters International has added a property management firm in Kentucky to their leak site. They provide a description of what they claim to have acquired from...
DataBreaches
Time’s up, Sunday edition: Some Jeffco Public Schools data was leaked, some data was put up for sale
As first reported on DataBreaches on Friday, SingularityMD indicated that they would be leaking or selling Jeffco Public Schools data. They followed through...
DataBreaches
If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures
— An OpEd by DataBreaches– When it comes to data breach disclosures, the very same entities who claim to take our privacy and security very, very...
DataBreaches
Was a recent OCR settlement fair? Maybe, but maybe not.
Sometimes you think you did a good job — and sometimes you actually did do a good job compared to everyone else — but someone comes along and...
DataBreaches
Michael Garron Hospital confirms some employee and clinician data stolen in cyberattack; Akira claims it stole 882,000 files
As the Toronto Star and CBC first reported last month, Michael Garron Hospital in Toronto has been investigating a cyberattack it discovered on October 23. In...
DataBreaches
Time’s up: SingularityMD sets up to sell data from Jeffco Public Schools
It looks like “SingularityMD,” the hacker(s) of Clark County School District in Nevada and Jeffco Public Schools in Colorado, are looking to start...
DataBreaches
PJ&A data breach also affected millions of Northwell Health patients (1)
News12 on Long Island reports that the Perry Johnson & Associates (PJ&A) breach reported previously on this site has also affected Northwell Health, a...
DataBreaches
Paging regulators to Aisle 4 to look at Pacific Union College’s data security and breach disclosure
On November 8, Pacific Union College in California notified the Maine Attorney General’s Office of a breach in March 2023 that impacted 56,041 people...
DataBreaches
Optum medical group in New York reports service disruption
Laura Dyrda Crystal Run Healthcare in Middletown, N.Y., told patients to expect longer wait times than usual amid a system interruption affecting some...
DataBreaches
Southwestern Ontario hospitals will rebuild network from scratch amid fallout from cyberattack; more data leaked
CBC reports: All five southwestern Ontario hospitals impacted by a cyberattack just over two weeks ago will rebuild their networks from scratch, the hospitals...
DataBreaches
Hackers give Jeffco Public Schools an extension on their deadline to respond; email parents about the breach (1)
On November 2, DataBreaches reported that the same threat actors that had hacked and exfiltrated data from Clark County School District in Las Vegas had also...
DataBreaches
Info from 5.6 million patient visits among data stolen in ransomware attack on Ontario hospital
Kathleen Saylors and Jennifer La Grassa report: A database containing information on 5.6 million patient visits to Bluewater Health and the social insurance...
DataBreaches
Mulkay Cardiology Consultants notifies almost 80,000 of ransomware attack
On Friday, Mulkay Cardiology Consultants at Holy Name Medical Center (“Mulkay”) notified the Maine Attorney General’s Office of an incident...
DataBreaches
Cardiovascular Consultants (CVC Heart) allegedly hit by ransomware
Cardiovascular Consultants LTD (CVC Heart) in Arizona may or may not have been the victim of a ransomware attack, but they have not responded to inquiries...
DataBreaches
Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group
Deer Oaks Behavioral Health in Texas is a behavioral health services provider of psychological and psychiatric services to residents of long-term care and...
DataBreaches
Update: Sensitive patient data leaked from TransForm ransomware incident; hospitals and centers affected
As predicted, Daixin has leaked the third part of the data they exfiltrated from TransForm and Canadian healthcare entities. DataBreaches reported the first...
DataBreaches
Summit Health has hundreds of locations. Were they victims of a cyberattack by LockBit3.0?
Summit Health is a for-profit, multi-specialty medical practice headquartered in Berkeley Heights, New Jersey. It describes itself as a...
DataBreaches
Update: Daixin leaks more data from Bluewater Health and other hospitals; databases yet to be leaked
As some will likely have already noticed, Daixin Team released the second part of the data leak from five hospitals in Ontario that have IT services provided...
DataBreaches
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack
In August 2020, DataBreaches reported that the Maze ransomware gang had added Ventura Orthopedics to their name-and-shame leak site. At the time, Ventura did...
DataBreaches
Jeffco Public Schools hit by the same threat actors that hit Clark County School District — and via the same way
How many school districts have to get massively hacked by the same method before the U.S. Department of Education, CISA, and states start really pressuring...
DataBreaches
Exclusive: Daixin Team claims responsibility for attacks affecting Canadian hospitals, starts leaking data
Daixin Team is now claiming responsibility for — and leaking data from — an attack that has significantly impacted five Canadian hospitals...
DataBreaches
Exclusive: Advarra hacked, threat actors threatening to leak data (1)
Advarra describes itself as providing integrated solutions to safeguard trial participants, empowering clinical sites, ensuring compliance, and optimizing...
DataBreaches
Exclusive: Hackers claim they still have access to Clark County School District (CCSD), and reveal more details about hack and stolen data
When reviews of data breaches in the education sector are written for 2023, they will almost certainly mention the 2022 attack on the Los Angeles Unified...
DataBreaches
India’s Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale
Ankur Sharma reports: In what is suspected to be the biggest data leak case in the country so far, details of 81.5 crore Indians with the Indian Council of...
DataBreaches
IL: Morrison Community Hospital patient data leaked by threat actors
On October 13, BlackCat (AlphV) threat actors first threatened to leak data from Morrison Community Hospital (MCH) in Illinois. Shortly thereafter, the listing...
DataBreaches
Stanford University Investigating “Cybersecurity Incident” (1)
Stanford University issued a statement yesterday: The security and integrity of our information systems are top priorities, and we work continually to...
DataBreaches
Hackers escalate: leak 200k CCSD students’ data; claim to still have access to CCSD email system
Clark County School District (CCSD) in Nevada informed parents and employees that they became aware of a “cybersecurity incident” on October 5...
DataBreaches
Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment
Tiffany Lane reports: Problems continue for Clark County School District families and staff about a week and a half after being notified of a cyber...
Loading more articles....