Collaborate Disseminate
Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an atta… Continue reading Thai loyalty membership card data of 5 million customers put up for sale on hacking forum
On November 15, Equinox notified clients and staff members about what they described as a data security incident on April 29. With a little digging, DataBreaches realized that it was an attack by LockBit3.0. Equinox is a human services organization tha… Continue reading NY: Equinox notifies clients and employees of April data security incident
Each year, there are fewer and fewer veterans of WWII. My dad was a veteran of that war. He died many years ago, and sometimes I still think about how he never really talked to me about it. Oh, he told me an amusing story or two from his basic training… Continue reading Veterans Day 2024
In March 2024, LockBit3.0 added Redwood Coast Regional Center (RCRC) to its leak site. On May 3, RCRC notified HHS of the March 6 incident, reporting that 500 patients had been affected. RCRC only recently updated that report to indicate that 24,937 p… Continue reading Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??
In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media… Continue reading Class action ping pong: Dismissal of lawsuit against Chelan Douglas Health District reversed; case goes back to Superior Court
On October 29, the Fourth Circuit Court of Appeals heard oral arguments in the government’s appeal of Conor Brian Fitzpatrick’s sentence. At issue was whether District Court Judge Leonie M. Brinkema had abused her discretion in sentencing … Continue reading Fourth Circuit hears oral arguments about the sentencing of “Pompompurin”
How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Ser… Continue reading How many similar breaches can one entity have in one year before regulators do something?
Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cyb… Continue reading US Healthcare at risk: Strengthening resiliency against ransomware attacks
On September 7, RansomHub added Cardiology of Virginia to its dark web leak site, claiming that about 1 TB of files had been acquired. DataBreaches assumes no payment agreement was struck as RansomHub subsequently leaked data, complete with a filelisti… Continue reading Cardiology of Virginia patient data appears to be up for sale. Has the entity issued any statement at all?
Charles Gorrivan and Brody Ford report: Snowflake Inc. plans to close its own investigation this week into a hacking campaign that ensnared as many as 165 of its customers. The cloud data and analytics company hasn’t detected any unauthorized access in… Continue reading Snowflake to Close Hacking Probe Into Attack Targeting Clients