Insurance Journal reports an insider data breach that will leave many people wondering exactly what a government contractor did in terms of background checks on its employees. In this case, the two allegedly rogue employees at Opexus (formerly known as AINS) were twin brothers who were previously convicted and served time for hacking crimes: A […]
The U.S. Attorney’s Office for the District of Massachusetts announced yesterday that Matthew D. Lane, 19, a student at Assumption University in Worcester, Mass., was charged and has agreed to plead guilty in connection with hacking into the computer networks of two U.S.-based companies and extorting the companies for ransoms. The two companies were not named in the Information […]
The Register reports: A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned. It’s understood Broadcom’s HR department has begun the process of informing current and former staff who are affected by the September ransomware attack at Business Systems House (BSH). Broadcom […]
Footnotes in CrowdStrike’s forensics report offer troubling details of Deloitte’s handling of incident logs. Rhode Island Current reports that the attack on RIBridges triggered hundreds of firewall alerts during the five months that attackers were in the network and were transferring gigabytes of data. But the state’s vendor, Deloitte, did not know the system had […]
A press release from the Department of Justice
The Economic Times reports: A software malfunction triggered by Oracle engineers led to a five-day outage at multiple Community Health Systems (CHS) hospitals last week, forcing several facilities to switch to paper records after losing access to their digital systems. The disruption began on 23 April during scheduled maintenance, when Oracle personnel mistakenly deleted storage […]
Bleeping Computer reports: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. VeriSource is a Texas-based employee benefits administration and HR outsourcing solutions provider with diverse clients across the U.S. The firm has begun data breach notifications to impacted individuals about a cybersecurity incident […]
It is important to review any contract with a vendor or business associate in terms of who will be responsible for notifying affected customers or patients of any breach. A post by Robinson + Cole discusses a lawsuit stemming from a dispute over the responsibility of a business associate following a breach. According to the […]
The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]
Russian Intelligence Hackers Stalk Western Logistics Firms
GovInfoSecurity reports: A slew of Western cybersecurity agencies warned Wednesday that Russian intelligence is targeting logistics and technology companies in a prolonged hacking campaign that includes an emphasis on internet-connected cameras situated along border crossings and military installations. The advisory includes indicators of compromise typical of an attack by Unit 26165 of the Russian Main Intelligence Directorate. […]