Oct 232018

J. D. Capelouto reports:

A Nigerian man was sentenced to five years and 11 months in prison on Monday for his role in an online scam that accessed the employee bank accounts of several colleges and universities, including some at Georgia Tech, federal prosecutors said Tuesday.

Olayinka Olaniyi, 34, was part of a “phishing” scheme that sent fraudulent emails that appeared to be from legitimate businesses to trick the recipients into providing personal information and passwords, according to officials.

Read more on AJC.

Oct 192018

This notice from their web site just showed up in my searches:

Catawba Valley Medical Center (CVMC) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident that may have involved some of that information.

On August 13, 2018, CVMC determined an unauthorized person may have gained access to an employees’ email account. CVMC immediately took steps to secure the email account and began an investigation, including hiring a leading computer forensic firm to assist. On August 24, 2018, the investigation determined three email accounts may have been accessed between July 4, 2018 and August 17, 2018. Through the course of our investigation, we have determined that some patient information may have been in those email accounts and may have included patient names, dates of birth, health information about services received at CVMC, health insurance information, and in some instances, Social Security numbers.

We have no indication that the information in the emails has been misused in any way. However, out of an abundance of caution, we began mailing letters to affected patients on October 12, 2018, and have established a dedicated call center to answer any questions patients may have. If you believe you are affected and have not received a letter by November 15, 2018, please call 1-877-214-4239, from 9:00 a.m. to 9:00 p.m. Eastern time, Monday through Friday.

We recommend that affected patients review the statements they received from their health insurer. If they see services they did not receive, contact the insurer immediately.

We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we have hired security experts to enhance our employee education; we have implemented tighter e-mail controls; and we continue to upgrade our hardware and software platforms to combat these malicious threats.

<posted 10/12/2018>

Oct 172018

KSTP reports:

On Wednesday, state leaders addressed two recent data breaches at the Department of Human Services.


“Could you please try and help us connect why there was such a failure here of four months before folks were notified of the compromising situation of their private data?” asked Sen. Mary Kiffmeyer, (R) Big Lake.

Read more on KSTP.

Oct 142018

David Chenault reports:

Financial scammers stole more than $600,000 from Henderson ISD through a sophisticated, yet common, fraud scheme.

According to HISD’s financial records, on Sept. 26, the district initiated a $609,615.24 direct electronic bank payment (known as an Automated Clearing House or ACH) to RPR Construction Company Inc. The firm is overseeing the construction at Lions Stadium and renovation work at the former Chamberlain Elementary School.

However, on Oct. 1, the district’s business department staff discovered the funds were mistakenly transferred to a fraudulent account instead of RPR’s bank account. Administrators soon realized HISD was the target of a Business Email Compromise (BEC) scheme.

Read more on Tyler Morning Telegraph.

h/t, @K12CyberMap

Oct 062018

Graham Cluley reports:

New research has revealed that business email compromise is being made easier for any criminal to add to their arsenal.

Researchers at threat intelligence firm Digital Shadows report that companies don’t even need to be hacked to spill their address books and email archives. Careless backups of email archives on publicly-accessible rsync, FTP, SMB, S3 buckets, and NAS drives have exposed some 12.5 million archive files (.eml, .msg, .pst, .ost, .mbox) containing sensitive and financial information.

The researchers found over 50,000 email files that contained terms such as “invoice”, “payment”, or “purchase order” terms in misconfigured or unauthenticated file stores. In some cases, the email archives have even contained passport scans.

Read more on Graham Cluley.