Centinela Valley Union High School District notifies employees of W-2 phishing incident

 Posted by at 1:52 pm  Education Sector, Phishing, U.S.
Feb 202019
 

Ding! Ding! Ding!

I think we have our first W-2 phishing report of this year, although of course I may have missed other ones. This one involves the Centinela Valley Union High School District in California.  From their notification to the state:

As a follow up to the email sent to you on January 31, 2019, we wanted to provide you additional information about the recent incident involving your personal information.

What Happened

On January 31, 2019, we learned that one of our employees received a phishing email designed to appear as if it came from one of our other employees. Upon discovery, we immediately began an investigation to determine the scope of the incident and to verify what information may have been affected. We also notified the IRS, state tax boards, and federal law enforcement authorities, and we are cooperating with their ongoing investigation.

As a result of this phishing incident, an unauthorized individual may have obtained IRS Form W-2 information for our employees, including employee names, addresses, Social Security numbers, and 2018 wage information.

Read more of the full notification here.

As of the 2008-2009 school year, the district had 614 employees. I do not yet know the current number, however.

PA: Malware breach strikes Chester County computers

 Posted by at 10:24 am  Government Sector, Malware, U.S.
Feb 202019
 

Michael P. Rellahan reports:

A breach of Chester County government’s computer system via an internet bug led to intense work by county computer specialists over the Presidents Day weekend, but apparently has not led to any compromise of users’ information, a county spokesperson said Tuesday.

Chester County’s Department of Computing and Information Services (DCIS) detected and late last week responded to potential malware activity on the county’s computer network, getting assistance from third-party cybersecurity consultants, said Chester County Communications Coordinator Rebecca Brain.

Read more on The Daily Local.  In response to the incident, the county sounds like it is really tightening up its security in some respects, and no longer allows employees to use county computers or the county network for personal use, etc.

Personal info exposed after State of Ohio sends wrong tax forms to 9,000 people

 Posted by at 2:18 pm  Exposure, Government Sector, U.S.
Feb 172019
 

Sarah Wynn reports:

The Ohio Department of Commerce says thousands of letters were sent by the state to those who qualify for unclaimed funds, but the letters were sent to the wrong people. The letters include personal information, including names and social security numbers, according to the state.

“Due to a processing error, approximately 9,000 consumers were mailed forms that were inaccurate,” the Ohio Department of Commerce’s Division of Unclaimed funds announced in a release on Friday.

Read more on ABC6.

TN: Ex-Rhodes College student pleads guilty to hacking into system, changing his grades

 Posted by at 7:47 am  Education Sector, Hack, Insider, U.S.
Feb 172019
 

Linda A. Moore reports:

A former Rhodes College student pleaded guilty Tuesday to hacking into the college’s computer system to change his grades and keep his scholarship.

Michael Geddati, 20, was a freshman pre-med major when between December 2017 and May 2018, he accessed various systems without authorization to raise his grades.

Geddati’s actions were detected after a faculty member noticed that the grade in the computer system was higher than the one Geddati had earned.

The investigation showed that on dozens of occasions, Geddati logged in as an instructor. He frequently changed his grades and was able to download an exam ahead of when it was given.

Read more on Commercial Appeal, including a description of the terms of a plea deal and a statement from the college.  And because Geddati’s job involves working with computers, he has been ordered to tell his employer about the case. The judge told Geddati, “They need to know what you’ve done and what you’re capable of doing.”

 

Piles of Southside Medical Center patients’ confidential medical records found outside the Atlanta clinic

 Posted by at 7:46 am  Exposure, Health Data, Paper, U.S.
Feb 172019
 

Michael Seiden reports:

Piles of partially burned medical records were discovered across the street from a metro Atlanta medical center, Channel 2 Action News has learned.

Southside Medical Clinic said they have no idea how the records got there.

A viewer alerted Channel 2’s Michael Seiden to the issue in a parking lot across the street from the clinic. Seiden went to an abandoned building across the street, where he found hundreds of patient documents in a dumpster and others stored outside in shipping crates.

Read more on WSBTV.

 Older Entries