In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, continues to expose confidential and sealed court records.  Overview As a matter of policy, DataBreaches does not publish unredacted stolen or leaked data if it would expose personally identifiable or...

Source

Harvey Cashore, Eva Uguen-Csenge,  and Mark Kelley report: Kelowna nurse Ashley Stone sits down at her kitchen table, opens a bulky blue folder containing a paper trail of 10 years of multiple frauds committed in her name by imposters and gets right to the point. “It’s just been a nightmare.” She says she’s had to...

Source

Stephanie Cunningham reports: According to Mississippi State Auditor Shad White, a third of state offices are at risk of cybercrimes due to not meeting cybersecurity assessment requirements according to a report released yesterday, Tuesday, Oct. 7. Auditor Shad White stated in the release, “Part of our role in my office according to state regulations is...

Source

Ry Crozier brings us today’s installment of the “No Need to Hack When It’s Leaking” Files The victims of the breach are applicants to the Northern Rivers Resilient Homes Program, under which the government is offering to either buy back flood-prone homes, contribute to the cost of rebuilding, or to improve resilience such as by elevating...

Source

Fox28 reports: A Franklin County judge dismissed a lawsuit against the city of Columbus, which claimed it failed to follow industry standards and federal guidelines for data security. The lawsuit was filed last year after the ransomware group Rhysida claimed it stole over 6 terabytes of city data and posted it for sale. The incident caused the city to shut down multiple systems...

Source

On September 17, the Pennsylvania Attorney General’s Office posted the following update to a ransomware attack it initially disclosed on August 11. HARRISBURG — The Office of Attorney General is providing an update regarding the cyber incident last month that impacted our agency. As previously reported, the incident was the result of a malicious actor...

Source

Today’s entry in our “No Need to Hack When It’s Leaking” files is courtesy of the Brennan Center, which obtained an internal oversight report detailing the two-months-long exposure of federal, state, and local intelligence about Americans. A 2024 internal oversight report from the Office of Intelligence and Analysis of the U.S. Department of Homeland Security...

Source

From Latvian Public Media: The Kurzeme Regional Court has decided to overturn the acquittal of the District Court and to find guilty an official of a state institution for disclosing confidential information and a board member of a company for inciting a public official to disclose this information, Latvian Television reports on 17 September. Latvian...

Source

From the U.S. Department of Justice: John Murray Rowe Jr., 67, of Lead, South Dakota, was sentenced today to 126 months in prison followed by three years of supervised release and a $25,000 fine for attempted espionage. The defendant was charged by indictment in December 2021 and pleaded guilty in April of last year to one count...

Source

Cameron Montemayor reports:  Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June, an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents, city officials confirmed Monday. The City of St. Joseph has been...

Source

Some data breaches make headlines for the number of people affected globally, such as a Facebook scraping incident in 2019 that affected 553 million people worldwide. Then there are breaches that affect a country’s entire population or much of it, such as a misconfigured database that exposed almost the entire population of Ecuador in 2019,...

Source

Jonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of...

Source

Today’s reminder of the insider threat, from the U.S. Attorney’s Office for the Eastern District of Virginia: ALEXANDRIA, Va. – A U.S. Department of State (DOS) employee was sentenced today to four years in prison for conspiring to collect and transmit national defense information to individuals he knew to be working for the government of...

Source

Jonathan Greig reports: Federal officials are working with Nevada’s state government to help it recover from a cyberattack discovered on Sunday. The Cybersecurity and Infrastructure Security Agency (CISA) said it has been working with the FBI and other agencies to help the state get back online safely while investigating the origins of the attack and rebuilding...

Source

Alexander Martin reports: A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata,...

Source

Jon Brodkin  reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently...

Source

Connor Jones reports: The state of Nevada is now two days into a cyberattack that has brought down many of its digital services. The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a “network security incident” took hold in the early hours of August 24. Official state websites...

Source

For the “No need to hack when it’s leaking” and the “our government is our insider threat” files, Chiara Eisner of NPR reports: Papers with U.S. State Department markings, found Friday morning in the business center of an Alaskan hotel, revealed previously undisclosed and potentially sensitive details about the Aug. 15 meetings between President Donald...

Source

Neil Shaw reports: HM Revenue and Customs (HMRC) has revealed that hundreds of staff have accessed the records of taxpayers without permission or breached security in other ways. HMRC dismissed 50 members of staff last year for accessing or risking the exposure of taxpayers’ records, according to The Telegraph. 354 tax employees have been disciplined for...

Source

Adam Goldman, Glenn Thrush, and Mattathias Schwartz report: Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents, including highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on...

Source