Jun 152018

Danielle Salisbury reports:

A Jeopardy! champion and former Adrian College professor who hacked college email accounts pleaded guilty to a felony this week.

Lenawee County Circuit Judge Margaret Noe is to sentence Jass on July 20.

She admitted on Wednesday, June 13, to unauthorized access to a computer, program or network, punishable by a maximum of five years in prison and a large fine. The county prosecutor’s office dropped a second charge of using a computer to commit a crime, records show.

Read more on mLive.

Jun 152018

Not surprisingly, perhaps, there’s an update to a breach report involving Wellington, Florida. The original report was one week ago (cf, this post). Now Kristina Webb reports:

Wellington, Fla., Chief information officer William Silliman also said the breach began as an effort to mine for the digital currency Bitcoin, but at some point expanded to include a sophisticated “skimmer” to capture credit card numbers.

In a news release last week, Wellington warned that utility customers who made one-time debit or credit card payments between July 2017 and the beginning of this month may have had their credit card numbers stolen as part of the breach.

But one-time debit or credit card payments made to the village’s code, building, business licenses, parking tickets and planning departments also were exposed, Silliman said, citing the results of further assessment of the targeted server.

Read more on GovTech.

Jun 152018

Their press release of June 14:

Med Associates, Inc. processes claims for medical providers located in and around Albany, NY.  Med Associates, Inc. is providing notice of an incident that may have involved the security of patient’s information in its care. We have no evidence that any patient information was specifically accessed or used in any way. However, we are unable to definitively rule that out, therefore, we are notifying patients regarding the data incident and steps we have taken since discovery.

What Happened? On March 22, 2018, Med Associates became aware of unusual activity relating to an employee’s workstation occurring that same day. Med Associates immediately began investigating with our IT vendor and subsequently retained a leading third-party forensic investigation firm to assist with our investigation. It was determined that the unauthorized party accessed the workstation and through that, may have had access to certain personal and protected information.

What Information was Involved? While our investigation is ongoing, we have determined that the information that may have been accessible from the workstation included patient name, date of birth, address, dates of service, diagnosis codes, procedure codes and insurance information, including insurance ID Number.  There was no banking or credit card information contained on or accessible from the workstation.

What We Are Doing. The privacy and security of information in our possession is one of our highest priorities. Upon learning of this incident, we immediately secured the impacted workstation, implemented even more stringent information security standards and have increased staff training on data privacy and security.

Med Associates is also notifying patients who may be affected by this incident. In this notice, Med Associates is providing access to one (1) year of credit monitoring and identity restoration services through TransUnion at no cost to patients.

What You Can Do. Affected patients can review the notice letter they received, which contains information on what they can do to better protect against the possibility of identity theft and fraud should you feel it is appropriate to do so.

For More Information. We sincerely regret any inconvenience or concern this may have caused. Affected patients can call our dedicated assistance line at 855-206-9883, Monday through Friday, 9:00 a.m. to 9:00 p.m. ET for more information.

SOURCE Med Associates

Jun 132018

Brian Krebs reports:

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach.

Just days after Equifax disclosed the breach, West filed a claim with the local Orange County, Vt. courthouse asking a judge to award her almost $5,000. She told the court that her mother had just died in July, and that it added to the work of sorting out her mom’s finances while trying to respond to having the entire family’s credit files potentially exposed to hackers and identity thieves.

Read more on KrebsOnSecurity.com.

Jun 132018

Global Times reports:

Hackers attacked a popular Chinese video-sharing site, breaching millions of private data including encrypted passwords, according to an emergency notice from the site on Wednesday.

AcFun, the site for the comics and games community, urged its users on Weibo to immediately change their passwords since “nearly 10 million users’ data have been leaked, including user IDs, nicknames and passwords.”

Read more on Global Times.