By Ray Kafity, VP META, Attivo Networks In 2021 we experienced an extensive increase in cyber security breaches and attacks in the Middle East, and unfortunately, it is expected to continue in 2022. Organisations are faced with the burden to tackle the increase in cyber-attacks and the after-effect of working remotely. And the preferred target …
The Medical College of Wisconsin (MCW) says they were recently hit with a data security breach, and thousands of patients’ confidential information may have been compromised.
The information may include patients’ names, birthdays, medical record numbers, health insurance information — as well as a small amount of Social Security numbers and bank account information.
According to a news release from the MCW, they learned that a small number of faculty and staff were victims of a spear phishing attack to their email system. It occurred between July 21st and July 28th, but the the forensic firm could not definitively conclude if any information was actually accessed, viewed, downloaded or otherwise acquired by the unauthorized user.
Upon discovering the issue, MCW promptly disabled the impacted email accounts, required password changes to the compromised accounts, maintained heightened monitoring of the accounts and commenced an investigation.
MCW concluded that an unauthorized third party accessed a limited number of email accounts belonging to MCW employees that contained patients’ protected health information, the release states. The compromised email accounts at issue contained either one or more of the following: patients’ names, home addresses, dates of birth, medical record numbers, health insurance information, date(s) of service, surgical information, diagnosis/condition, and/or treatment information.
Social Security numbers and bank account information for a very small number of patients were also contained within the affected email accounts.
Fashion retailer Forever 21 reported Tuesday that it suffered a security breach that allowed a hacker to gain unauthorized access to credit card information from a number of the company’s retail locations.
According to Forever 21, a third party group notified the company of the possibility that there was “unauthorized access to data from payment cards that were used at certain Forever 21 stores.” The company then launched its own investigation into the matter and discovered that some customer credit card data may have been exposed.
Forever 21 focused its investigation, for which it retained the help of a “leading security and forensics firm,” on credit card transactions that took place in its retail stores between March and October 2017—though the company noted its investigation is ongoing and it is “too early to provide further details.”
What the company could disclose was that at least some transactions during the timeframe it investigated were exposed. Forever 21 implemented encryption and tokenization solutions in 2015 that are designed to protect transaction data on its point of sales machines in its stores. However, the company admitted that not all of its stores had the security layers in operation during the time of the breach.
For the time being, Forever 21 is not disclosing what locations were affected or how many customers may have had their card compromised. Forever 21 operates more than 815 stores in 57 countries.
“We expect to provide an additional notice as we get further clarity on the specific stores and timeframes that may have been involved,” the company said. The company has not provided any additional resources for consumers to determine if they may have been affected.
Details of the breach, which happened back in 2015, are naturally hush-hush, but according to multiple sources familiar with the matter, this is how it went down. A contractor for the NSA brought highly classified material outside of NSA offices to his home computer. State-sponsored Russian hackers were then able to pilfer these files easily …