Collaborate Disseminate
In 2018, a criminal hacker known as “Lifelock” reached out to DataBreaches to share details about two healthcare entities that had not met his ransom demands. These entities were a dental practice in Menlo Park, California, and the Holland Eye Surgery … Continue reading Update: Robert A. Purbeck, aka “Lifelock, to plead guilty in Atlanta
Over the past few weeks, DataBreaches had occasionally checked a dark web leak site by an individual or group called “Mogilevich.” However, DataBreaches didn’t report on any of their claimed victims because the site and the claims see… Continue reading Fraudster’s fake data breach claims should remind media to be careful what we report
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The aff… Continue reading Developing: AlphV allegedly scammed Change Healthcare and its own affiliate
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
Joe Warminsky reports: Global pharmaceutical corporation Cencora reported on Tuesday that it recently discovered that intruders had stolen data from its networks. The Fortune 500 company said in a regulatory filing that data from IT systems “had been e… Continue reading Pharmaceutical giant Cencora reports cyberattack
On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly c… Continue reading loanDepot notifying 17 million customers after ransomware attack in January
The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained access to the firm’s system and exfiltrated 523 clients’ personal information, includ… Continue reading Zalkin law firm settles suit by clients whose sex abuse details were hacked by BlackCat
Grace Lutheran Foundation, which does business as Grace Lutheran Communities in Wisconsin, offers a variety of services including rehabilitation services, assisted living, skilled nursing, independent living, adult day services, and childcare. On Febru… Continue reading Grace Lutheran Communities attacked by BlackCat; employee and resident data acquired
On April 30, DataBreaches reported an alleged data breach involving TorchByte (formerly known as Tic Hosting Solutions). At the time, DataBreaches had been unable to reach the firm, and the Romanian data protection authority informed DataBreaches that … Continue reading Update to the Tic Hosting Solutions data incident
In August 2023, Prince George’s County Public Schools disclosed a cyberattack. At the time, they reported that “an estimated 4,500 user accounts out of 180,000 were impacted, primarily staff accounts. The school system is still assessing the full… Continue reading Updating: Prince George’s County Public Schools breach affected almost 100,000