Personally Identifiable Information (PII) – Page 3

Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

Posted on May 4, 2021 by Tim Starks

A teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. Carroll was an assistant principal at Bellview Elementary School, while her daughter attended Tate High School. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. A Florida State Department of Law Enforcement investigation concluded that phones and computers from their Pensacola suburb household were used to access student records. “The primary reason for the decision is, she was almost 18 years of age and would age out of the juvenile system in a very short period of […]

The post Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest appeared first on CyberScoop.

Continue reading Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest→

Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator

Posted on May 4, 2021 by Sean Lyngaas

A pair of hacks at health care organizations revealed in recent days highlights the enduring cybercriminal threat to the sector as the U.S. makes progress in fighting the coronavirus pandemic. Scripps Health, a San Diego-based nonprofit system with five hospital campuses, on May 1 said that it had suspended access to IT applications that support its health care facilities following a “security incident.” The incident forced Scripps to reschedule some patient appointments for Saturday and Monday, but “patient care continues to be delivered safely and effectively at our facilities,” the nonprofit said in a statement on its Facebook page. (Scripps’ website was still down by press time on Tuesday morning.) Meanwhile, Midwest Transplant Network, a Kansas-based organization that connects organ donors with recipients, said it had been working to determine if patients’ personal health data had been affected by a recent breach. NPR affiliate KCUR reported that some 17,000 people […]

The post Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator appeared first on CyberScoop.

Continue reading Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator→

Geico data breach opens door to unemployment scams

Posted on April 19, 2021 by Sean Lyngaas

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15. The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added. It was unclear how many people were […]

The post Geico data breach opens door to unemployment scams appeared first on CyberScoop.

Continue reading Geico data breach opens door to unemployment scams→

Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond

Posted on March 22, 2021 by Asheesh Kumar

As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health […]

The post Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond appeared first on Security Intelligence.

Continue reading Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond→

5 Ways Companies Can Protect Personally Identifiable Information

Posted on February 5, 2021 by Fred Donovan

Protecting personally identifiable information (PII) is one of the key aspects of a security expert’s job. What does personally identifiable information include? Social Security numbers, birth dates and places, financial accounts and more can give threat actors a foothold to identify someone or steal their money or identity. This data could also be used to […]

The post 5 Ways Companies Can Protect Personally Identifiable Information appeared first on Security Intelligence.

Continue reading 5 Ways Companies Can Protect Personally Identifiable Information→

UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

Posted on December 29, 2020 by Joe Warminsky

It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still drawing the attention of law enforcement. The U.K.’s National Crime Agency says that 21 people have been arrested across the country recently for using data purchased on WeLeakInfo for criminal activity, including hacking and fraud. “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. The operation began Nov. 16 and will continue into next year, the agency said. Some WeLeakInfo users are being threatened with legal action rather than arrested outright. “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially […]

The post UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data appeared first on CyberScoop.

Continue reading UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data→

US officials shut down scam websites impersonating Moderna, Regeneron

Posted on December 18, 2020 by Sean Lyngaas

U.S. Justice Department officials on Friday said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam. The scammers appeared to impersonate pharmaceutical giants Moderna and Regeneron, and collected information that could be used for fraud, or to steal users’ credentials and deploy malicious software, the U.S. Attorney for the District of Maryland said. It wasn’t immediately clear how much personal data was stolen, or how it was used, if at all. But the domain seizures are a reminder of the staggering amount of coronavirus-related fraud that has occurred this year, as crooks all over the world have exploited the pandemic to sell counterfeit pills and conduct ransomware attacks. Americans have reported more than $211 million in losses from COVID-19-related fraud, according to the Federal Trade Commission. In […]

The post US officials shut down scam websites impersonating Moderna, Regeneron appeared first on CyberScoop.

Continue reading US officials shut down scam websites impersonating Moderna, Regeneron→

Bug could expose patient data from GE medical imaging devices, researchers warn

Posted on December 8, 2020 by Sean Lyngaas

Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data from X-ray and MRI machines, or more than 100 models of General Electric medical devices. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices sending patient information over insecure channels. In this case, the maintenance software for the GE medical devices used publicly-exposed login credentials, which could allow attackers to execute code on the devices. “The bigger picture here is authentication and it’s a problem that’s unfortunately typical for medical devices,” said Elad Luz, a researcher at CyberMDX, the medical security company that publicly disclosed the vulnerability on Tuesday. Using the vulnerability to steal patient data would require a malicious hacker to first gain access to a health care organization’s computer network. Actually leveraging the bug […]

The post Bug could expose patient data from GE medical imaging devices, researchers warn appeared first on CyberScoop.

Continue reading Bug could expose patient data from GE medical imaging devices, researchers warn→

Hacker who sent information on US personnel to Islamic State is freed by judge

Posted on December 4, 2020 by Joe Warminsky

A foreign hacker sentenced to 20 years in U.S. prison for giving the Islamic State the personal information of about 1,300 U.S. military and government personnel has been given a compassionate release by a federal judge due to the coronavirus pandemic. Ardit Ferizi, who was arrested in 2015 at age 19 in Malaysia and later extradited to the U.S., must spend two weeks in quarantine before deportation by U.S. Immigrations and Customs Enforcement, according to the order from Judge Leonie M. Brinkema of the Eastern District of Virginia. Brinkema agreed with a request from Ferizi saying that his asthma and obesity put him at greater risk for contracting COVID-19. Ferizi will be deported to his home country of Kosovo, where he has a support network of family, the judge said. The judge expressed confidence that U.S. officials will be able to monitor his conduct online, given how quickly he was […]

The post Hacker who sent information on US personnel to Islamic State is freed by judge appeared first on CyberScoop.

Continue reading Hacker who sent information on US personnel to Islamic State is freed by judge→

Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Posted on November 19, 2020 by Joe Warminsky

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. It ends up being a double-dip for the crooks: In addition to vending the card data and other information about shoppers in cybercriminal forums, they also collect money for items that are “faulty, counterfeit, or nonexistent,” Gemini says in a report published Thursday. The dark web sales have led to profits upwards of $500,000 over the past six months, but the total take is “likely significantly larger,” considering all the money the scammers […]

The post Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says appeared first on CyberScoop.

Continue reading Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says→