Vendor News - The Data Breach Times

May 01, 2025

1066 views 16 secs 0

Ctrl+Alt+Disaster: How Oracle techies ‘wrong click’ brought 45 out of 72 CHS hospitals to their knees for 5 days

The Economic Times reports: A software malfunction triggered by Oracle engineers led to a five-day outage at multiple Community Health Systems (CHS) hospitals last week, forcing several facilities to switch to paper records after losing access to their digital systems. The disruption began on 23 April during scheduled maintenance, when Oracle personnel mistakenly deleted storage […]

Data Breach News, News, Vendor News

April 30, 2025

996 views 38 secs 0

VeriSource now says February data breach impacts 4 million people

Bleeping Computer reports: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. VeriSource is a Texas-based employee benefits administration and HR outsourcing solutions provider with diverse clients across the U.S. The firm has begun data breach notifications to impacted individuals about a cybersecurity incident […]

Legal News, Vendor News

April 20, 2025

1105 views 2 mins 0

Breaches Within Breaches: Contractual Obligations After a Security Incident

It is important to review any contract with a vendor or business associate in terms of who will be responsible for notifying affected customers or patients of any breach. A post by Robinson + Cole discusses a lawsuit stemming from a dispute over the responsibility of a business associate following a breach. According to the […]

Data Breach News, News, Vendor News, Vulnerabilities

April 19, 2025

1194 views 2 mins 0

100,000 Americans Exposed As Hertz Warns Customers’ Names, Contact Details, Credit Card Information, Social Security Numbers Leaked in Vendor’s Data Breach

The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]

Vulnerabilities, Vendor News

April 17, 2025

894 views 15 secs 0

Alert: Cisco Warns of Webex Vulnerability That Lets Hackers Exploit Meeting Links

UC Today reports: Read more at UC Today.

Legal News, Vendor News

March 28, 2025

495 views 0 secs 0

British company Advanced fined £3m by privacy regulator over ransomware attack

The Record reports: Advanced, a business that provides IT services to numerous healthcare providers in the United Kingdom, has been fined £3.1 million (about $4 million) by the country’s privacy regulator over a ransomware attack in 2022. The company had initially faced a fine of £6 million before coming to a voluntary settlement with the Information Commissioner’s […]

Data Breach News, News, Vendor News

March 18, 2025

1141 views 2 mins 0

Over 50 U.S. school districts impacted in retirement service provider breach

In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 […]

Legal News, News, Vendor News

March 16, 2025

1077 views 2 mins 0

TRICARE Contractor Resolves $11M False Claims Act Liability for Known Cybersecurity Violations

Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]

Vendor News, Data Breach News

February 04, 2025

1173 views 29 secs 0

Deloitte providing $5M to cover expenses related to RI data breach — and that’s just part of what they’ll pay

There is another update to Rhode Island’s incident response to a cyberattack last year that involved their vendor, Deloitte. Data from the state’s portal called RIBridges was acquired and leaked by threat actors when their ransom demands were not paid. Now WPRI reports: An outside consulting group will provide Rhode Island with millions in funding […]

Vulnerabilities, Vendor News

January 24, 2025

328 views 4 secs 0

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]