Tag: Information | Page 2

Police officers’ personal information may be at risk after ransomware data hack

January 7, 2024/in Internet Security

Thousands of Surete du Quebec (SQ) police officers and ex-police officers have found themselves the collateral victims of a data theft that occurred in the servers of Xpertdoc, a computer firm in Terrebonne.

The SQ confirmed, late Wednesday afternoon, to have opened an official investigation after receiving a formal complaint in the case.

According to information obtained from the Syndicat des policières et des police provinciales du Quebec (APPQ), the firm targeted in the hack is a former subcontractor in charge of data management for the union’s group insurance program.

The firm was targeted in a ransomware-type attack, where hackers swipe data and demand a ransom before giving access to its owner.

What upsets the union the most in the story is that business ties had been severed between the APPQ and Xpertdoc since 2008.

The union wants to understand how and why its members’ data could be kept 12 years after the firm stopped working with the SQ.

The APPQ said it is evaluating remedies and checking whether or not the contract insisted on personal date being destroyed at the end of the business relationship.

SQ spokesperson Hugo Fournier said the force recognizes that the situation is worrying for the largest police force in the province. Police officers’ and former police officers’ addresses, phone numbers and other personal information could have fallen into the wrong hands.

Xpertdoc had not responded to requests for comment at the time of publishing.

Source…

Poor security led to pathology hack | Information Age

December 5, 2023/in Computer Security

Pathology company Australian Clinical Labs has come under fire from Australia’s privacy watchdog for a 2022 cyber attack which saw credit card details and health records for more than 200,000 people leaked to the dark web.

The Office of the Australian Information Commissioner (OAIC) has taken ACL to court with allegations the company had “serious and systemic” failures leading to the attack.

In October of last year, while Australia had its focus on a landmark data breach at health insurer Medibank, the parent company of medical testing company Medlab – Australian Clinical Labs (ACL) – revealed it had suffered a significant cyber attack of its own.

The incident was largely overshadowed by similar happenings at Medibank and Optus, however, it saw the personal information of at least 223,269 individuals exposed to a hacker group known as Quantum, which exfiltrated 86GB of data including passport numbers, health information and credit card details.

Notably, the attack took place in February last year – eight months before being publicly confirmed by ACL.

Much of the stolen data appeared on the dark web in June 2022 – approximately four months prior to ACL’s public confirmation of the incident.

Serious allegations levied at ACL

The OAIC alleges ACL “seriously interfered with the privacy of approximately 21.5 million individuals”, whose personal information it held, by “failing to take reasonable steps” to protect said information from unauthorised access or disclosure.

In its concise statement, the commissioner notes ACL still does not know the precise time or method of the attack, but that it started “on or before” 25 Feb 2022 when Quantum attacked the Medlab computer network operated by ACL.

According to the statement, an employee discovered the attack at approximately 5:00am when they attempted to access a computer on the Medlab network, only to find a ransomware demand sitting on the desktop.

The employee soon after notified Medlab’s IT team, and by 9.00am the ransom note had appeared on other computers on the Medlab network in Brisbane and Sydney.

The OAIC notes ACL – which hit nearly $1 billion in revenue during financial year 2022 – did…

Source…

Hackers who targeted the private hospital that treated Kate Middleton are threatening to release the Royal Family’s private medical information

December 2, 2023/in Computer Security

GCHQ and police investigating hacking gang Rhysida named after centipede

By Kevin O’sullivan

Published: 17:31 EST, 2 December 2023 | Updated: 17:41 EST, 2 December 2023

Hackers who targeted the private hospital which treated Kate, Princess of Wales, are threatening to release private medical information belonging to members of the Royal Family.

The gang broke into the computer systems of the King Edward VII’s Hospital and warned they aim to release ‘data from the Royal Family’ on Tuesday unless they are paid £300,000 in the cyber currency Bitcoin.

The ransom demand was made on the dark web, where the hackers posted images of what they claim are stolen files including X-rays, letters from consultants, registration forms, handwritten clinical notes, and pathology forms.

Prince William departs the King Edward VII hospital with his wife Catherine, Duchess of Cambridge

The Princess of Wales was admitted to the King Edward VII’s Hospital in 2012 with prolonged bouts of acute morning sickness during her first pregnancy. Pictured, Kate attends the Royal Variety Performance 2023 at the Royal Albert Hall

The gang said: ‘Unique files are presented to your attention! Data from the Royal Family! A large amount of patient and employee data. Sale in one lot!!’

GCHQ and police are investigating the attack by hacking gang Rhysida – named after a venomous tropical centipede.

The 56-bed private hospital in Marylebone has been used by the Royal Family for more than a century. The late Queen Elizabeth II was a patient and so was Prince Philip who spent almost a month being treated there before he died aged 99 in 2021.

The Princess of Wales was admitted there in 2012 with prolonged bouts of acute morning sickness during her first pregnancy.

During her stay, two Australian radio DJs placed a hoax call and obtained private medical information about Kate – then the Duchess of Cambridge – which they then broadcast, forcing hospital bosses into an embarrassing apology.

The nurse who unwittingly took the call later committed suicide over the prank.

Last night,…

Source…

Local expert tells how to keep your computer and personal information safe

November 30, 2023/in Computer Security

The bad guys may seem like they’re winning, but with time and effort you can protect yourself, your family, your money and your computer and smartphone from attack by hackers, scammers and other cybercriminals.

That was the message of Jim Rome, webmaster for several local nonprofit organizations who spent the latter part of his career at Oak Ridge National Laboratory providing computer security for classified systems. He delivered his message most recently to Friends of ORNL.

Jim Rome tells Friends of Oak Ridge National Laboratory what he does to stay as safe as he can on the internet.

He mentioned that recently the city of Oak Ridge had been a victim of a “denial of services” malware attack, causing network issues and making its business side unable to process utility payments for days.

Malware, short for malicious software, is a set of computer programs created by cybercriminals that can steal data from and damage or destroy computers and computer systems. It includes viruses, spyware and ransomware – software designed to block access to an individual’s personal data or a company or organization’s computer system until a sum of money (ransom) is paid.

Rome said that the global cost of cybercrime was estimated at more than $7 trillion dollars in 2022. In the first half of 2022, more than 50 million Americans had been affected by cybercrimes, the highest rate of data breaches in the world. The nations that have the most dangerous cybercriminals include China, Russia, Taiwan, India, Brazil and the United States, according to one source.

Rome cited two recent computer attacks that have affected corporations and customers. One cyberattack disrupted operations of the cleaning products maker Clorox, reducing the availability of the company’s products and slashing its quarterly earnings and stock value by 20%.

In September, a cyberattack at MGM Resorts International, he added, caused widespread disruption on the Las Vegas Strip. The hotel and casino giant had to require manual check-ins and the use of physical key cards so guests could access their rooms.

Potential…

Source…

Tag Archive for: Information