Marsh and Mercer report lost backup tape (update 2)

On June 23, insurance broker Marsh and Mercer notified the New Hampshire Attorney General’s Office that in April, a backup tape being transported by a third-party courier between Marsh offices was lost. The tape contained employee benefits information such as names, addresses, Social Security Numbers, dates of birth, drivers’ license numbers, and account information. The data were managed by Marsh’s Association business, which operates through Seabury & Smith and Mercer Health & Benefits. The company states that because of the “complex nature of the security of an information on the tape, and the technical measures which are necessary to determine and analyze the data elements on the tape,” they were still investigating the matter as of the date of their notification. The total number of individuals with data on the backup tape was not indicated, but they report that 121 New Hampshire residents had data on the tape.

Updated 8-12-10: Marsh and Mercer sent an update to the NH Attorney General’s Office stating that further investigation revealed that the total number of NH residents affected was 131. We do not have nationwide totals.

Updated 10-12-10: An update sent to the MD Attorney General’s Office on Aug. 4 indicates that 1,463 MD residents were affected.

UPDATE: Idaho Power says Mercer breach affected over 375,000

The Mercer Health & Benefits breach involving a backup tape lost in transit after being shipped by FedEx is one of those multi-client breaches that comes out in dribs and drabs. But if Mercer hoped to keep the total number affected under wraps, one of their clients may have spilled the beans. On August 12, Idaho Power Health Plan posted an FAQ on their site that I just came across. It says, in part:

2. What happened and what data information was lost?

A data breach was reported by Mercer to Idaho Power on June 16, 2010. According to Mercer, on March 26, 2010 a package containing a server back-up tape was sent via FedEx from Mercer’s Boise office to their Seattle office and is presently unaccounted for. The tape contained personal demographic information (not medical or health-related data). The lost information included names, addresses, dates of birth, and Social Security numbers for approximately 5,000 Idaho Power employees and dependents and approximately 375,000 other individuals whom Mercer services through their client base.

The FAQ challenges Mercer’s reassuring statement that the unencrypted data would be difficult to read:

3. Has the tape been recovered? Any indication the tape or any information on the tape has been inappropriately misused?

The tape cannot be accounted for, and we cannot confirm the tape or any information on it has or has not been inappropriately misused. While the tape was not encrypted, Mercer indicates it is not the type of media that is readily accessible. Idaho Power disagrees and we are moving forward with our own independent investigation. You will be informed as the investigation progresses.

The FAQ is four pages and is either the most detailed, or one of the most detailed, breach FAQs I can recall seeing. The only thing I don’t spot in the FAQ is a phone number at Idaho Power that people can call.

Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses

A federal grand jury returned an indictment unsealed today in Newark, New Jersey charging Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, in a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware, announced Deputy Attorney General Rod J. Rosenstein, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Craig Carpenito for the District of New Jersey and Executive Assistant Director Amy S. Hess of the FBI.

The six-count indictment alleges that Savandi and Mansouri, acting from inside Iran, authored malware, known as “SamSam Ransomware,” capable of forcibly encrypting data on the computers of victims. According to the indictment, beginning in December 2015, Savandi and Mansouri would then allegedly access the computers of victim entities without authorization through security vulnerabilities, and install and execute the SamSam Ransomware on the computers, resulting in the encryption of data on the victims’ computers. These more than 200 victims included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

According to the indictment, Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers. The indictment alleges that, as a result of their conduct, Savandi and Mansouri have collected over $6 million USD in ransom payments to date, and caused over $30 million USD in losses to victims.

“The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims,” said Deputy Attorney General Rosenstein. “According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Benczkowski. “These defendants allegedly used ransomware to infect the computer networks of municipalities, hospitals, and other key public institutions, locking out the computer owners, and then demanded millions of dollars in payments from them. As today’s charges demonstrate, the Criminal Division and its law enforcement partners will relentlessly pursue cybercriminals who harm American citizens, businesses, and institutions, regardless of where those criminals may reside.”

“The defendants in this case developed and deployed the SamSam Ransomware in order to hold public and private entities hostage and then extort money from them,” said U.S. Attorney Carpenito. “As the indictment in this case details, they started with a business in Mercer County and then moved on to major public entities, like the City of Newark, and healthcare providers, like the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita—cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption. The charges announced today show that the U.S. Attorney’s Office for the District of New Jersey will continue to act to disrupt such criminal acts, and identify those who are responsible for them, no matter where in the world they may seek to hide.”

“This indictment demonstrates the FBI’s continuous commitment to unmasking malicious actors behind the world’s most egregious cyberattacks,” said Executive Assistant Director Hess. “By calling out those who threaten American systems, we expose criminals who hide behind their computer and launch attacks that threaten our public safety and national security. The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities. The FBI, with the assistance of our private sector and U.S. government partners, are sending a strong message that we will work together to investigate and hold all criminals accountable.”

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.

According to the indictment, Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015, and created further refined versions in June and October 2017. In addition to employing Iran-based Bitcoin exchangers, the indictment alleges that the defendants also utilized overseas computer infrastructure to commit their attacks. Savandi and Mansouri would also use sophisticated online reconnaissance techniques (such as scanning for computer network vulnerabilities) and conduct online research in order to select and target potential victims, according to the indictment. According to the indictment, the defendants would also disguise their attacks to appear like legitimate network activity.

To carry out their scheme, the indictment alleges that the defendants also employed the use of Tor, a computer network designed to facilitate anonymous communication over the internet. According to the indictment, the defendants maximized the damage caused to victims by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. This was intended to—and often did—cripple the regular business operations of the victims, according to the indictment. The most recent ransomware attack against a victim alleged in the […]

Forbes Breach Email Statistics

Total of 1,056,986 e-mails found are unique. Total of 111,735 e-mail providers. 564 FORBES.COM, 844 .GOV, 14,572 .EDU. Below is a list of all email providers that have 2 or more in the breach. Article: https://datalossdb.org

[…]