Tag Archive for: affecting

B.C. school district investigating data breach affecting up to 19,000 people

/in


The Maple Ridge-Pitt Meadows School District is warning its school community about a data breach involving more than 19,000 records.

In a bulletin posted Thursday, the district said it is investigating how files containing first names, last names, schools/departments, district email addresses and student grades were released.

Read more:

BC Cancer Foundation warns donors of ransomware attack

Read next:

Air Canada says no, then gives customer credit after booking error

The release likely affects both students and staff, the district said.

“The information that has been accessed, while concerning, was confined to easily attainable information with limited use,” the district said in the bulletin.

“The sensitivity of this information is considered low. At this time, the school district has no evidence that critical information was disclosed.”

Story continues below advertisement


Click to play video: 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone'

Cyber security experts say ransomware data breach in health care sector is a lesson for everyone


However, it warned that the information — while not necessarily sensitive — could be used for “targeted phishing attacks.”

Trending Now

Phishing is a common online fraud tactic where a bad actor tries to trick users into clicking on malicious links or divulging sensitive information such as passwords, credit card information or other personal information.

The district is warning students, families and staff to be extra vigilant if using their district email account for any emails asking for personal information or passwords.

Read more:

TransLink warns staff hackers accessed personal banking information in cyberattack

Read next:

‘Is this real?’: Quick pick the key to $60M…

Source…

Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users

/in


Facebook is contacting about 1 million users of its platform about their account details potentially being compromised by malicious Android or iOS applications.

In a blog post on Oct. 7, Facebook’s parent company Meta said its researchers had detected 400 malicious Android and iOS apps over the past year that were designed to steal usernames and passwords belonging to Facebook users and to compromise their accounts. The poisoned apps were uploaded to Google’s and Apple’s app stores and masqueraded as legitimate games, VPN services, photo applications, and other utilities.

When users downloaded and attempted to use one of the malicious apps, it would prompt them to enter the user’s Facebook username and password. If a user entered their credentials, attackers would gain full access to the individual’s account, private information, and their friends on the social media platform, Meta said.

“This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” David Agranovich, Meta’s director of threat disruption, and Ryan Victory, malware discovery and detection and engineer, wrote in the blog post. 

Meta reported the apps to Apple and Google, and the researchers noted, “We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them to secure their accounts.”

Posed as Legitimate Apps

Many of the iOS and Android apps that Meta detected on Apple and Google’s mobile stores purported to have some fun or useful functionality, like music players and cartoon image editors. A plurality (42%) posed as photo editors, some of which claimed they could turn a user’s photo into a cartoon. 

About 15% purported to be business utilities, such as VPNs that claimed to help users access blocked content and websites or to boost their Internet browsing speeds; 14% were phone utilities, such as flashlight apps that purportedly helped brighten the phone’s flashlight. 

Mobile games accounted for about 11% of the 400 or so malicious apps that Meta’s researchers discovered. Fake reviews might have…

Source…

FMC Services, LLC Announces Data Breach Affecting More than 230k People’s Sensitive Information | Console and Associates, P.C.

/in


On September 23, 2022, FMC Services, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on FMC’s network. According to FMC, the breach resulted in the names, addresses, Social Security numbers, dates of birth and protected health information of certain patients and former patients being compromised. Recently, FMC sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

What We Know About the FMC Services Data Breach

News of the FMC data breach comes from the company’s official filing with the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the FMC website. According to these sources, on July 26, 2022, FMC Services learned that it had been the target of a cyberattack. More specifically, management was informed that hackers had “attempted to infiltrate” FMC’s computer system and demanded a ransom.

In response, the company secured its systems, stopped all unauthorized access, and began working with an independent cybersecurity firm to investigate the incident. This investigation confirmed that the hackers were able to access certain files contained on the FMC network and that these files contained sensitive information belonging to some patients.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, FMC Services then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, mailing address, date of birth, Social Security number, and protected health information.

On September 23, 2022, FMC Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to FMC Service’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, 233,948 people were impacted by the breach.

FMC Services, LLC is a healthcare services company based in Amarillo,…

Source…

Ransomware attack targets Professional Finance Co., affecting 657 health care clients

/in


A ransomware attack against Professional Finance Co. Inc., a Greeley-based accounts-receivable management company, has resulted in a data breach potentially affecting 657 of the company’s health-care-provider clients and almost two million individuals.

The breach, with more than 1.9 million individuals potentially affected, represents the second-biggest data breach affecting health care companies so far in 2022, according to the U.S. Department of Health and Human Services’ Breach Portal. A March attack against Shields Health Care Group Inc. of Massachusetts affected more than 2.4 million individuals.

The Professional Finance breach already has prompted four federal lawsuits accusing the company of failing to exercise reasonable care in securing customer and employee data. The lawsuits were filed in U.S. District Court in Denver and are seeking class-action status.

The ransomware attack occurred Feb. 26, but Professional Finance did not begin informing client health care providers until May 5, according to a Notice of Cybersecurity Incident posted on the company’s website.

“On Feb. 26, 2022, PFC detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems,” according to the incident report. “PFC immediately engaged third party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The ongoing investigation determined that an unauthorized third party accessed files containing certain individuals’ personal information during this incident. PFC notified the respective health care providers on or around May 5, 2022.”

The company issued a press release about the data breach July 1.

PFC said it had “found no evidence that personal information has been specifically misused.” But data potentially accessed by the cyber attacker includes first and last name, address, accounts-receivable balance and information regarding payments made to accounts, according to the company. Additionally, date of birth, Social Security number, health insurance and medical-treatment…

Source…