InfoSec News

PII

Ransomware attack disables Texas Supreme Court’s website

By

InfoSec News

 

By William Knowles @c4i
Senior Editor
InfoSec News
May 13, 2020

On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious security event in the branch network, which was later determined to be a ransomware attack.

The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic.

Immediately upon discovery, OCA IT staff disabled the branch network including websites and servers to prevent further harm. The network has remained disabled since this time and will continue to do so until the breach is remediated.

OCA is working with law enforcement and the Texas Department of Information Resources (DIR) to investigate the breach. DIR and other information security authorities are providing assistance to OCA with recovery support.

OCA was able to catch the ransomware and limit its impact and will not pay any ransom. Work continues to bring all judicial branch resources and entities back online. In the meantime, a temporary web site has been established with critical judicial branch information, including information concerning the COVID-19 pandemic.

In recent years, the majority of the Texas Judicial Branch entities supported by OCA have moved many IT functions to the cloud. These services have not been impacted by the attack. These cloud services include eFileTexas (for filing of documents), reSearchTX (for reviewing filed documents), collaboration tools for editing and sharing documents, and email.

This action will permit many of the courts and judicial branch agencies to continue operations and ensure that filing of documents can continue uninterrupted. At this time, there is no indication that any sensitive information, including personal information, was compromised.

Additionally, due to the structure of the IT function within the state judiciary, individual trial court networks throughout the state were unaffected by the cyberattack. Judicial branch employees supported by OCA have received training in cybersecurity in recent weeks and will continue to receive updated training.

Blake Hawthorne, Clerk of the Supreme Court of Texas, tweeted on Tuesday night “I have a feeling that before long I will be giving a continuing legal education talk on the oddly specific topic “Operating a Court During a Pandemic and a Ransomware Attack.”

In August 2019, 22 Texas towns were hit with a ransomware attack by “one single threat actor” who demanded a $2.5MM ransom.

Potential data breach reported at hard-hit Ontario long-term care home

By

InfoSec News

 

By William Knowles @c4i
Senior Editor
InfoSec News
May 11, 2020

Ontario’s Minister of Long-term Care Dr. Merrilee Fullerton reported a potential data breach at a Pickering, Ontario long-term care home on Saturday evening on Twitter.

“I’m learning of disturbing news out of Pickering’s Orchard Villa LTC home. There is a possibility of a significant privacy breach regarding individual resident personal health info. My heart goes out to the residents and families, during what is already a very difficult time”

Dr. Fullerton tweets “Our government takes personal privacy very seriously, and we are continuing to monitor this situation closely. I have been in contact with Peter Bethlenfalvy and we both share feelings of frustration and sadness at this recent development.”

Orchard Villa has informed the Information Privacy Commissioner Office and other authorities as appropriate.”

The Pickering retirement community has been Ontario’s hardest long-term care facility hit by the COVID-19 pandemic. As of Friday, May 8th, 2020, there had been 68 deaths at Orchard Villa, with 63 in the long-term care section and five in the retirement home.

Leading privacy and cybersecurity law firm investigates Tandem Diabetes Care data breach

By

InfoSec News

By William Knowles @c4i
Senior Editor
InfoSec News
April 20, 2020

Its almost cliche at this point.

We take the privacy and confidentiality of our customers’ information very seriously and apologize for any inconvenience or concern this incident may cause our customers.

With the next sentence…

Tandem Diabetes Care, Inc. (“Tandem”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice is to inform our customers of a recent phishing incident that may have involved some customer information.

Some customer information is “reputational risk management code” for only 140,781 customers.

We are continuing to invest heavily in cyber security and data protection safeguards. We are also implementing additional email security controls, strengthening our user authorization and authentication processes, and limiting the types of data permitted to be transferred via email.

On January 17, 2020, Tandem Diabetes Care learned that an unauthorized person gained access to a Tandem employee’s email account through a security incident commonly known as “phishing.”

Once we learned about the incident, we immediately secured the account and a cyber security firm was engaged to assist in our investigation. Our investigation determined that a limited number of Tandem employee email accounts may have been accessed by an unauthorized user between January 17, 2020 and January 20, 2020.

Through the investigation, Tandem Diabetes Care learned that some customers’ information may have been contained in one or more of the Tandem email accounts affected by the incident. The affected email accounts may have contained customer names, contact information, information related to those customers’ use of Tandem’s products or services, clinical data regarding their diabetes therapy, and in a few limited instances, Social Security numbers.

On LinkedIn, Tandem Diabetes Care lists some 935 employees, but only three security people (understandably some of the security team might have temporarily pulled their profiles offline) and currently Tandem is looking for a Security Analyst II and a VP, Information Technology but neither of the job descriptions mention having knowing how to perform phishing exercises.

While you would think all this bad news is terrible for Tandem Diabetes Care’s stock price, guess again, when the data breach was submitted to the U.S. Department of Health and Human Services on March 13, 2020, TNDM – Tandem Diabetes Care, Inc closed at $46.55 a share and closed on Apri 18, 2020 at $72.94 a share.

So it should come to no surprised that Stueve Siegel Hanson LLP, a small Kansas City law firm known for their eight-figure legal outcomes would explore legal options for this data breach.

KANSAS CITY, Mo., April 1, 2020 /PRNewswire-PRWeb/ — Stueve Siegel Hanson LLP, a national leader in privacy and cybersecurity litigation, is investigating the data breach at Tandem Diabetes Care, Inc. that compromised the sensitive personal information of 140,000 patients, the firm announced today.

On January 17, Tandem discovered its email system had been hacked through a “phishing” scheme. An internal investigation showed several employee email accounts were compromised for three days between January 17 and January 20. The compromised information included names, email addresses, contact information, Social Security numbers and a range of patient data, including details related to customers’ use of Tandem products or services, and clinical data about diabetes therapy.

Tandem announced the data breach on March 16 and said it would notify affected customers. Individuals who receive these notifications can contact Stueve Siegel Hanson at 816.714.7105 or online to discuss their legal options.

Recognized by Law360 as “Cybersecurity & Privacy Group of the Year,” Stueve Siegel Hanson has prosecuted cases involving the largest data breaches in U.S. history, securing billions of dollars for affected customers. In 2019, the firm’s work included:

  • Securing final approval of a $1.5 billion settlement with Equifax in a nationwide class action resulting from its massive 2017 data breach;
  • Obtaining a $3.25 million settlement in a class action by optometrists following a data breach at the national testing organization for new eye doctors;
  • Serving as co-lead counsel against Capital One following a data breach affecting 106 million credit applicants; and
  • Pursuing a consumer lawsuit accusing Facebook of tracking users’ location information even after they opt-out of Location History features.

Pre-IPO online fashion marketplace Poshmark announces data breach

By

Pre-IPO online fashion marketplace Poshmark announces data breach

By William Knowles @c4i
Senior Editor
InfoSec News
August 1, 2019

Poshmark, the largest social commerce marketplace for fashion alerted users on Thursday via email and their blog that “data from some Poshmark users was acquired by an unauthorized third party.

“The data acquired does not include any financial or physical address information, and we do not believe your password was compromised.” Poshmark recommends that you change your password as a precaution and security best practice.”

According to Poshmark, Canadian users weren’t affected and this data breach was limited to U.S. users only.

The data that was stolen includes “certain user profile information specified for public use such as username, first and last name, gender, and city.” “Certain internal account information such as email address, user ID, size preferences, and one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark” and “Certain internal Poshmark preferences for email and push notifications”

The Poshmark security notice continues to say “We take the trust you have placed in us extremely seriously, and immediately upon learning of this incident, we expanded our security measures even further. We conducted an internal investigation and retained outside experts, including a  leading security forensics firm. The security forensics firm we retained ran extensive testing designed to find vulnerabilities in our software and systems. After the testing, the firm reported that it did not find any material vulnerabilities. While our security was already strong, we have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.”

How this data breach will affect Poshmark’s reported fall IPO is unclear, Poshmark has tapped Goldman Sachs Group Inc. and Morgan Stanley as its underwriters, according to the WSJ.

The Redwood City-based company was founded in 2011 by Manish Chandra, Tracy Sun, Gautam Golwala and Chetan Pungaliya and has raised about $153 million since its inception in 2011. Its last funding round, an $87.5 million Series E announced in November 2017, gave it a valuation of $600 million, according to its Crunchbase profile. Backers include Mayfield Fund , Menlo VenturesTemasek Holdings, and GGV Capital.

 

 

 

 

Someone repeatedly compromised NASA servers

By

By William Knowles @c4i
Senior Editor
InfoSec News
December 19, 2018

 

This isn’t going to improve NASA’s FISMA scorecard rating for 2018.

On Tuesday, December 18, 2018. Bob Gibbs, Assistant Administrator, Office of the Chief Human Capital Officer sent an agency-wide message to the 17,000+ NASA employees, according to SpaceRef which posted the memo on their site.

On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.

Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents.

NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.

NASA employees should be counting their lucky stars that this doesn’t happen more often, In 2016 NASA’s Office of Inspector General found that NASA lacks a mature cyber program, earning a score of 27 out of 100 under the Office of Management and Budget’s and DHS’ five-step maturity model.

In the 2017 Federal Information Security Modernization Act: Fiscal Year 2017 Evaluation of NASA came to the conclusion that…

Despite progress made to address previously identified weaknesses related to its cybersecurity program, we concluded that NASA, based on the results of our current review, has not implemented an effective information technology security program. Further, without implementing additional improvements to ensure that NIST requirements are implemented, the Agency may lose ground in its efforts to address the challenges in a rapidly evolving cybersecurity landscape. To strengthen its information security program, we believe the Agency should continue its initiatives in each of the seven IG FISMA domains.

  1. Risk Management. Strengthen the enterprise architecture risk management framework by closing the gap between mission systems and inventory, and complete the transition to RISCS.
  2. Configuration Management. Augment secure configuration settings, improve hardware and software asset management, and remediate configuration-related vulnerabilities including unsupported operating systems.
  3. Identity and Access Management. Increase the use of PIV authentication for unprivileged users.
  4. Security Training. Complete applicable role-based training for personnel with significant security responsibilities.
  5. Continuous Monitoring. Develop a comprehensive continuous monitoring strategy for automatic hardware and software inventory detection and data exfiltration defense capabilities.
  6. Incident Response. Bridge the gap between reactive and proactive intelligence gathering and analysis techniques.
  7. Contingency Planning.

Finally, we are concerned that many recommended corrective actions from prior FISMA and other IT-related reviews remain open after more than a year. We urge a renewed Agency commitment to addressing our previous recommendations given the constant and growing cybersecurity threats. Although this memorandum made no specific recommendations to NASA, management provided a brief response that is reproduced in Enclosure V. Technical comments provided by management have been incorporated, as appropriate.

Sadly, Its easier to blame this all on aliens.