Michael Ramsey reports: Western Australia’s health department has apologised for accidentally leaking the personal details of passengers aboard a flight carrying a person infected with monkeypox. A woman who travelled on the flight from Doha last week said she received the document in an email from WA Health. It contained the personal information of...
On Aug. 15, 2022, a federal court in the Central District of California entered an order authorizing the IRS to serve a John Doe summons on SFOX, a cryptocurrency prime dealer headquartered in Los Angeles, California, seeking information about U.S. taxpayers who conducted at least the equivalent of $20,000 in transactions in cryptocurrency between...
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management...
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022,...
ENAP (Empresa Nacional Del Petroleo), is a Chilean state-owned company engaged in the exploitation, production, refining, and marketing of oil and its derivatives. It reports administratively to the Ministry of Energy. As Nicolas Parra Tapia and Felipe Diaz Montero recently reported, well-known Nigerian cybercriminals had targeted ENAP in a wire transfer scheme. It was...
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack. The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s...
Simon Sharwood reports: Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their...
It is not unheard of for ransomware groups to publicly misidentify their victims. We saw such errors from the outset of groups publicly naming and shaming victims and leaking data. DataBreaches reported on a few such cases involving Maze and has reported on other misidentifications in other groups since then. DataBreaches has occasionally contacted...
J. Fingas reports: Signal’s reputation for secure messaging doesn’t make it completely invulnerable to hacking incidents. The company has confirmed that a data breach at verification partner Twillio exposed the phone numbers and SMS codes of roughly 1,900 users. As TechCrunch observed, the intruder could have either used the information to either identify Signal users or re-register their numbers to...
Wojciech Karpieszuk reports that the Marymont Potok cooperative announced the attack on Thursday. Machine translation: We don’t know what this entails, whether the data is safe, or whether the readings will be falsified,” says Mr. Janusz from Marymont. A customer notes that the switch to remote reading was supposed to prevent fraud, but if...