Dec 312017

Hilary Hanson reports:

Police in Slidell, Louisiana, have arrested a man who allegedly helped scam people out of thousands of dollars in “Nigerian prince”-style email schemes.

Michael Neu, 67, is charged with 269 counts of wire fraud and money laundering. In a Facebook statement on Thursday, police described him as a “middle man” who conned victims into giving up their money in phone and online scams.

Read more on Huffington Post.

Here’s what this “prince” looks like:

Michael Neu in police booking photo.

Dec 162017

Here is yet another reminder of (1) why you don’t leave devices in your car with critical information on them, and (2) why you need backups of mission critical data. Doug Johnson reports:

LINCOLN — A Lincoln charity is desperate for help after their laptop was stolen from a Natomas restaurant parking lot.

Maria & Joseph’s Ministry to the Poor sends vitamins to the Philippines, but the president of the charity, Klint Robins, says without his computer those pills will not get to the people who need them.


“The children aren’t starving because you can have rice, you have salt, you have a little bit of vegetables,” Robins said. “But it’s not the right kind of foods.”

The addresses where boxes of vitamins need to be sent are now gone.

So even if some good samaritan provides a replacement laptop, the information is gone. How sad is that?  I’m sure Mr. Robins is already beating himself up over this, and I don’t want to pile on, but if there’s any way readers might remember this incident and vow not to leave your devices in unattended cars, and to have backups, well…… maybe some good can come out of this?

Dec 112017

One of the reasons has never confined its reporting and analyses to HIPAA-covered entities is that there are so many other types of entities that collect and store health or medical information.

Today’s example comes from the National Capital Poison Center, who found themselves in the unenviable position of reporting a ransomware attack that involved records of people who called them between January 1, 1997 and October 21, 2017. Why they kept so much data connected is…. unknown to me.

From their notification:

What Information Was Involved? NCPC cannot determine whether any information stored in the database was subject to unauthorized access, and has received no reports of attempted or actual misuse of this information. The database server contains one or more of the following types of information captured during call center calls, if the information was provided: caller name, name of person possibly exposed to a poisonous substance and date of birth, address and telephone number, information about the exposure and clinical course, recommendations provided to the caller, caller’s email address, and if applicable, treating facility name and medical record number. Most calls have only a subset of this information.

NCPC does not indicate whether they paid any ransom or  whether they attempted to restore from backup, and if so, with what results.  And not surprisingly, they do not indicate how many people had their personal information involved in this incident.

Dec 082017

Nathaniel A. Raymond, Daniel P. Scarnecchia, and Stuart R. Campo write:

The news that a platform used by at least 11 major operational NGOs and UN agencies may be relatively easy to breach, potentially exposing the personal, location, and demographic data of tens of thousands of highly vulnerable people, is deeply disturbing but not surprising. The real scandal here is not that these vulnerabilities reportedly exist, but that there is still no intentional, comprehensive agenda or political will to decisively address the root causes of this incident and limit the possible fallout.

Reports last month, from Devex and IRIN, that Red Rose’s beneficiary data tracking platform may have serious security vulnerabilities should be a wake-up call to the entire humanitarian sector.

Read more on IRIN.

YMCA of Central Florida Notifies Individuals of Security Incident

 Posted by at 5:37 pm  Hack, Miscellaneous, U.S.  Comments Off on YMCA of Central Florida Notifies Individuals of Security Incident
Nov 232017

Nov. 22 – The YMCA of Central Florida (YMCA), today announced it is notifying individuals related to an isolated security incident involving certain personal information.

Information accessed may have contained consumers’ names, and/or Social Security Number, driver’s license or other government issued identification, passport, financial account number, payment card number, health information, or health insurance number.

On October 24, 2017, the YMCA learned that an unauthorized person gained access to several employees’ email accounts. Upon learning of the incident, the YMCA immediately disabled the affected email accounts, changed the account passwords and began an investigation, including engaging a leading forensic firm.  The investigation determined that some emails may have been accessed which were primarily related to program registrations.

“We sincerely regret that this incident occurred and apologize for any inconvenience or concern this may cause our Y community,” said Colleen Manahan, chief financial officer for the YMCA of Central Florida. “To help prevent an incident like this from occurring again, we are providing our team members with additional privacy education and training.”

At this time, the YMCA has no indication that the information in the emails was actually viewed or used in any way. However, out of an abundance of caution, the YMCA has notified potentially affected consumers. Individuals whose Social Security numbers were potentially involved will be offered a one-year, complimentary credit monitoring and identity protection service. In addition, the YMCA has established a dedicated call center to answer any questions individuals may have.

Consumers affected may call 1-877-982-1592, Monday through Friday between 9 a.m. and 9 p.m. Eastern Time, for additional information and resources. For more information about this incident, please visit

The YMCA of Central Florida is one of the area’s largest nonprofits, serving more than 415,000 Central Floridians per year through a focus on Youth Development, Healthy Living and Social Responsibility. With a Christian-based mission to improve lives and communities, it operates 26 YMCA locations across Orange, Seminole, Osceola, Brevard, Lake and Marion counties. And this mission is expanded beyond the four walls of the Y through community-based programs to combat chronic disease, boost children’s after-school safety and learning, and strengthen fragile families. This YMCA Association of over 1,800 employees engaged 23,000 donors, volunteers and advocates, who joined together for the common good. To ensure that the Y remains available and accessible to all, it also provided $5.4 million in program and membership assistance to more than 50,000 children, families and seniors.

SOURCE YMCA of Central Florida