From the way-too-slow-learning-curve dept. Steve Alder reports: Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM servers, according to a recent Trend Micro TrendAI analysis. TrendAI identified thousands of internet-facing DICOM servers belonging to hundreds of entities. The lack of security protections puts patient...

Source

Jung Da-hyun reports: A recent data breach at the National Center for the Rights of the Child (NCRC), exposing sensitive personal records of adoptees, is drawing criticism from overseas adoptee groups and raising questions about the agency’s credibility. The breach, which the NCRC said occurred between April 30 and May 2, came to light when...

Source

When Instructure did not contact ShinyHunters to negotiate any payment after ShinyHunters attacked them for a second time in April,  the threat actors threatened to leak every school’s data, and posted a notice telling schools how to contact them directly to avoid having their data leaked. When Instructure still didn’t contact them after that escalation, ...

Source

Sarah Motter reports: Missouri regulators say a major national vendor is stonewalling their investigation into a cybersecurity breach that could affect millions of consumers. The Missouri Department of Commerce and Insurance now says it is escalating its response to the cybersecurity breach at Conduent Business Services. Conduent is a national vendor that handles sensitive insurance...

Source

PHILADELPHIA, May 4, 2026 /PRNewswire/ — The following release was issued by RG/2 Claims Administration LLC, as Settlement Administrator. If Your Private Information Was Potentially Compromised in a Data Incident Announced by the Pennsylvania State Education Association on March 18, 2025, You May be Eligible for Benefits from a Class Action Settlement. A proposed Settlement has been...

Source

Instructure defines itself as the “O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world’s largest online community of educators. (And yes—we’re ‘the panda people.’). We build industry-leading edtech, empowering both teachers and learners at every step of their journey.” Sadly, they were...

Source

From the U.S. Attorney’s Office, District of Maryland: A Maryland man is facing federal indictment stemming from an unauthorized computer access scheme involving a Maryland medical system. Matthew Bathula, 41, of Clarksville, is charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a...

Source

There is an update regarding the 2023 Delta Dental breach involving MOVEit software. Delta Dental was one of many customers whose patient data was exposed after Clop exploited a zero-day vulnerability to attack MOVEit and acquire its clients’ data. More than 7 million patients were reportedly affected by the breach, although the number specific to New...

Source

Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although...

Source

DysruptionHub reports: Kentwood Public Schools said districtwide Wi-Fi was disrupted after a student used malicious software designed to interfere with the school system’s network. The district said outside experts helped isolate the issue, which affected Wi-Fi connectivity across its schools, and that the problems “appear” to have been resolved. Kentwood Public Schools serves students in...

Source

The Department of Justice had a pretty good day today in terms of cybercrime. In addition to two men being sentenced for using BlackCat ransomware to try to extort U.S. entities, a German national living in Colombia has now been extradited to the United States on charges that he owned and operated “The Versus Project,”...

Source

France has arrested numerous young hackers in the past decade. You’d think — or hope — that they might have developed an effective diversion program by now. Have they? That’s not to imply that other countries like the U.K. and U.S. have effective diversion programs, because as far as this blogger knows, they don’t have...

Source

Data from Japanese firms indicates that paying ransom is unlikely to enable full recovery of encrypted data. Japan Today reports: At least 222 Japanese companies have paid ransomware attackers in the past, yet about 60 percent of them still failed to recover their data, according to a recent survey. Of 1,107 firms that responded to...

Source

Nogo Mania reports: The football world faces a serious security crisis. A large-scale cyberattack targeted the Asian Football Confederation, exposing sensitive data linked to more than 150,000 players and staff. The breach ranks among the most serious incidents in football history. Reports state that the leaked information includes passport copies, contracts, email addresses, and personal identification data. The...

Source

UNN reports: Moldova’s Cybersecurity Agency has reported a large-scale attack on the country’s main medical database, resulting in damage to around 30% of the information, according to Point, as reported by UNN. The agency’s deputy director said the attackers had been targeting the platform over the past month. The database is a key hub collecting data...

Source

A DataBreaches.net Editorial The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)...

Source

Jared Perlo reports: The long-running fight to rein in the government’s power to search Americans’ phone calls, emails and text messages without a warrant has gained new urgency on Capitol Hill over concerns that AI will supercharge state surveillance. Lawmakers are currently jockeying over reforms to a key law that enables warrantless monitoring of Americans’...

Michael Martin reports:  Cherry Health says it is dealing with ongoing technology issues, but days into the disruption, officials have not explained what’s causing them. In a notice posted to their website, the health system said it is “experiencing technology issues across Cherry Health, including our phone system.” Their clinics remain open for scheduled visits....

Source

Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that resulted in a data breach affecting about 77,000 customers. “After learning of the breach, Fidelity also failed to notify many impacted residents, including the relatives and minor children...

Source

The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in the council’s board, said that about a week ago a hacker breached the database containing members’ personal data when it...

Source