Tag Archive for: personal

Southeastern Louisiana University Says Hackers Didn’t Get Personal Info

/in


(TNS) — Six months after Southeastern Louisiana University’s systems were taken offline in response to a cybersecurity attack, the school announced Thursday that no personal identifiable information or educational records were stolen in the incident.

Southeastern took its network offline Feb. 23 in response to the security incident, which left students and faculty without access to the school’s website, email or portal for submitting assignments for nearly four weeks while officials worked with Louisiana State Police to investigate the incident.

The school said in a statement it worked with the Division of Administration, Louisiana National Guard, LSP, FBI, U.S. Department of Homeland Security, U.S. Secret Service and the Governor’s Office of Homeland Security and Emergency Preparedness during the investigative process.


“Investigations as complex as this take time, and it was important that the work was conducted with the highest level of diligence to ensure the most thorough and complete results possible,” the university wrote in its statement.

While neither Southeastern nor LSP have provided much detail about the incident, a cybersecurity expert with New Orleans and South East Information Technology Group, a Hammond-based cybersecurity firm, found 150 gigabytes of SELU data on the “dark web” in April, made available by a ransomware group named “BianLian.” The claim was also verified by sources at cybersecurity firm Postlethwaite & Netterville.

©2023 The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.

Source…

Ransomware attackers steal personal info of over 600K Medicare beneficiaries

/in


  • Employees at the Office of Personnel Management will soon see changes to their in-office requirements. All eligible employees with telework agreements at OPM are expected to report to the office at least two days per week, starting this fall. The change will take place in a phased approach, beginning in September, and will be fully implemented by October. OPM is the latest in a long series of agencies to announce new in-the-office requirements, after the Office of Management and Budget told agencies to start ramping up in-person work after the COVID-19 pandemic.
  • The Centers for Medicare and Medicaid Services (CMS) is responding to a major data breach at one of its contractors. CMS confirmed Maximus Federal Services was one of many organizations swept up by a ransomware attack on the MoveIT file transfer software in late May. CMS said the hackers were able to steal personal information on more than 600,000 Medicare beneficiaries. None of CMS’s internal systems was impacted by the attack. The agency and Maximus are sending letters to affected individuals.
  • Two lawmakers want to change how the federal employment process views marijuana. A new bipartisan bill in the House would prohibit agencies from denying someone a job or security clearance over current or past marijuana use. The bill was introduced by Rep. Jamie Raskin (D-Md.) and Rep. Nancy Mace (R-S.C.) last week. It would also require agencies to establish a process for reviewing any decision dating back to 2008 that denied someone a federal job or clearance due to marijuana use. The legislation is the latest effort to loosen restrictions around federal employment and pot. Current policies still prohibit feds from using weed whether they are on or off the clock.
  • The FDIC has outlined its plan to better manage its cloud services. The Federal Deposit Insurance Corporation will close three holes in how it manages its cloud computing services over the next year. The FDIC CIO told the agency’s inspector general that it will establish an enterprisewide catalog of data by February. It…

Source…

Jackson Township hit by digital security ‘incident.’ No personal data accessed

/in


JACKSON TWP. ‒ The township government has been hit by an unspecified computer network “incident” that’s been affecting the function of multiple systems.

Administrator and Law Director Mike Vaccaro said in a prepared statement Friday afternoon that officials are working with external cybersecurity experts to work through the problem. An investigation has also been launched into the matter, which has not resulted in any known access of unauthorized, personal or employee data.

“We will notify affected individuals if the investigation identifies evidence to the contrary,” Vaccaro said via the statement. “Our goals right now are to make sure our network is secure, all devices are clean and to restore our full functionality of data.”

Township officials declined to comment beyond Friday afternoon’s statement, which did not elaborate on the type of incident or provide other details.

Cybersecurity is the practice of protecting computer systems, networks and programs from digital attacks.

Primary township services, such as police, fire and emergency medical (EMS), have not been interrupted, and Jackson employees continue to work regular shifts and hours, Fiscal Officer Randy Gonzalez said earlier Friday.

Police Chief Mark Brink said officers have been answering emergency calls as normal and with no major hiccups.

However the Jackson Police Department is not able to receive and respond to non-emergency email messages, Vaccaro said. Residents with queries are asked to call the police non-emergency phone number, which is 330-834-3963. The non-emergency Fire Department line is 330-834-3953.

The Federal Bureau of Investigation would not confirm an investigation, citing that internal policy prohibits it.

The FBI offers assistance to those who fall victim to cyberattacks to help determine the source and if there is a continuing threat, Susan Licate, public affairs officer for the agency, said.

Victims can report the incident to the FBI Internet Crime Complaint Center, so they can investigate, she added.

“The public should be assured that the FBI takes seriously cyber intrusions that could compromise national security,” Licate said.

Municipalities can be prime targets for cyber attacks

The Ohio Township…

Source…

Ransomware criminals dump personal information of students online after stealing files from MN school

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

US MARSHALS SERVICE ATTACKED BY RANSOMWARE TARGETING SENSITIVE LAW ENFORCEMENT INFORMATION

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. Not until February did district officials disclose the breach’s full dimensions.

The lasting legacy of school ransomware attacks, it turns out, is not in school closures,…

Source…