So as a quick update on the issue of two state courts that we know of exposing sealed records:

Last night, those of us still trying to figure out who was responsible figured it out -- it is a vendor (third-party) who is responsible for the exposed shares.

With the researcher's cooperation and input, I sent a detailed email last night to the only email address that vendor has on their website.

No reply was received, of course.

So I just called their main number... and started to tell them why I was calling, and they hung up on me.

😡

I just called back. They didn't answer the phone, so I left a VM on their administrative offices' extension.

If the firm doesn't call me back or lock down those shares today, expect me to say more here tomorrow.

It is now 1 month since people started trying to get these shares secured. None of us are paid to do this. And getting hung up on should get the company a #CID from the #FTC in a more perfect world -- to ask what their procedures and policies are for receiving a security alert from an external (third) party.

#infosec #cybersecurity #incidentresponse #dataleak #databreach

▪Cybernews research▪ A Mexican state-owned power company that serves over 99% of the country has been leaking data online for more than three years.

#Mexico #dataleak #cybersecurity

https://cnews.link/cfe-data-leak-mexico-critical-infrastructure-3/

So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.

No reply was received.

Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.

No reply was received.

Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.

No reply was received.

Dear Russia, China, and North Korea:

You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.

Yours in total frustration,

/Dissent

#infosec #cybersecurity #incident_response #dataleak #databreach #WAKETHEFUCKUP

Two hackers leaked 8.9 GB of alleged #Kimsuky APT data — phishing kits, ops logs, source code & Cobalt Strike tools targeting 🇰🇷 gov domains.

Full story: ⬇️
https://www.technadu.com/kimsuky-apt-hackers-exposed-in-alleged-breach-revealing-phishing-tools-and-operational-data/605836/

Will this slow them down or just force a rebuild?

#Infosec #Cybersecurity #APT #DataLeak

Pacific Healthworks is claimed by the Everest ransomware group, along with hundreds of sensitive data samples from at least 50 medical groups they serve.

#ransomware #hack #dataprivacy #datasecurity #health #dataleak

https://cnews.link/pacific-healthworks-everest-ransomware-attack-data-leak-1/

Hack laboratory

Datahack medical world turns out to be much bigger: also research skin, urine and penis stolen

By Daniël Verlaan © ANP RTL Nieuws

The data breach at the laboratory that conducts population cervical cancer screening is greater than reported. In addition to stolen data from 485,000 women who participated in that population survey, data from skin, urine and penis examinations have also been stolen. A small part of it is now on the dark web.

This is according to research by RTL Nieuws. It concerns names, residential addresses and dates of birth of patients, their social security numbers and information and results of the study. Advice has also been taken as a result of investigations.

These are patients who have had examinations performed by healthcare providers and independent clinics that have been sent to the Clinical Diagnostics laboratory.

Among other things, information and results of examinations on urine, skin, vagina, penis, anus and wound fluid have been published.

Hospitals and general practitioners

Based on the leaked data, these are patients from the Leiden University Medical Center, Amphia Hospital and Alrijne Hospital, among others. Many studies written out by general practitioners can also be found in the leaked data. The dates are from 2022 to this year.

The data put online by the criminals include 53,516 people who had an investigation done by the general practitioner, RTL Nieuws calculated. The actual number leaked is expected to be much higher: currently only about 100 megabytes of data have been published, the criminals claim to have stolen 300 gigabytes.

Both Clinical Diagnostics and the criminals behind the hack have been asked to respond.

Population survey

Among the 485,000 women who participated in the population survey for cervical cancer, in addition to their private data and citizen service number, test results of smears and self-tests were stolen.

Elza den Hertog, the chairman of the board of Population Research Netherlands, says that the institute is extremely shocked. "We understand that women who have participated in population surveys through us are of course also very frightened by this. I would like to say to them that we are very sorry that this happened."

[Dutch] https://www.rtl.nl/nieuws/binnenland/artikel/5522760/datalek-baarmoederhalskanker-veel-groter-ook-onderzoek-huid-urine

#infosec #Dataleak #Nova #RaLord