Hacker sent email with 1,200 partial social security numbers to school staff

 Posted by at 7:03 pm  Education Sector, Exposure, U.S.
Apr 222018
 

Karen Yi reports:

In the age of online shopping, computer hacks and data breaches, identity theft is not necessarily a shock. But, you’re probably not expecting to get an email listing portions of your colleagues’ social security numbers.

But, in the Irvington school district, that’s exactly what happened.

Partial social security numbers of more than 1,200 employees at Irvington schools were distributed via email on Monday to an unknown number of recipients, according to the school district.

Read more on NJ.com.

SunTrust 1.5 million customers whose information may have been stolen by former employee

 Posted by at 8:38 pm  Financial Sector, Insider, U.S.
Apr 202018
 

From their press release:

SunTrust Banks, Inc. (NYSE: STI) is now offering Identity Protection for all current and new consumer clients at no cost on an ongoing basis. Experian IDnotify™ will be provided to those who sign up for the service.

SunTrust cares deeply about the privacy and security of client information. The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed. The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information. SunTrust is also working with outside experts and coordinating with law enforcement.

 

[…]

Read the full press release here.

Former student charged In cyber attack

 Posted by at 11:48 am  Education Sector, Hack, Insider, U.S.
Apr 192018
 

Fox47 reports:

An attack on Ingham Intermediate School District’s online network and the person police say is responsible was one of its own students. The incident happened in February 2017.

On Wednesday FOX 47’s Alani Letang learned more on that student, who now faces criminal charges after shutting down the district’s internet servers.

Police say 19-year old Brandon Barlett targeted the district in a ransomware attack. That attack didn’t put students or staff in danger but did affect the day to day operations of the school district.

“A couple hours in the morning a couple in the afternoon over a period of ten days is between 30-40 hours that the internet was down. The impact of teaching and learning of students and the productivity of our school employees,” said Scott Koenigsknecht- Ingham Intermediate School District Superintendent

Read more on Fox47.

TX: Victoria ISD notifies employees of breach involving their personal information

 Posted by at 7:57 pm  Education Sector, Hack, U.S.
Apr 182018
 

Let’s remember that k-12 school districts often maintain medical information on their employees, as this notification from Victoria Independent School District in Texas reminds us.

In this case, some employee email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information, including “name, address, Social Security number, government-issued identification number, financial account information, and/or medical information.”  You can read the full notification, below.  The district offered those affected services with ID Experts:

victoria-independent-school-20180410

MedWatch LLC notifies members whose protected health information was exposed on the internet

 Posted by at 5:16 pm  Exposure, Health Data, Subcontractor, U.S.
Apr 182018
 

Florida-headquartered MedWatch, LLC is a care management company, providing risk management solutions to the self-funded health plan market.  On or about April 13, they started notifying their clients’ health plan members after learning that a vendor misconfiguration error had exposed protected health information between October 20, 2017 and December 15, 2017.

MedWatch did not name the vendor involved. Nor did they disclose how many people had their data exposed on the internet, or who their affected clients were.

You can read the full substitute notice, below.

MedWatch_Substitute Notice

Although the substitute notice does not mention it, MedWatch is offering those affected 12 months of complimentary identity protection services with ID Experts.

Update: We still don’t have total numbers yet, but they notified 1,061 New Hampshire residents.

 Older Entries