Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data breaches attacks. Show all posts
Personal Data Breach
Cyberattacks Data Breach Data breaches attacks Data Leak data security INC Ransom gang Inc ransomware Library Personal Data Breach

Pierce County Library System Data Breach Exposes Information of Over 340,000 People

 

A cyber attack on the Pierce County Library System in the state of Washington has led to the compromise of personal data of over 340,000 people, which is indicative of the rising threat of cybersecurity breaches being posed to public services. This attack has impacted library services in the entire county, along with library users and staff. The incident was made known to the public through breach notification letters published on the website of the Pierce County Library System. 

The incident, as revealed in the notification letters, occurred when the library system detected the incident on April 21 and decided to shut all library systems in an effort to control the breach. The library system conducted an investigation that confirmed the breach had taken place. 

The library network was also able to identify that the exfiltration of data from individuals who utilized or were part of the institution was successful on May 12. It was established that the hackers had access to the network from April 15 to April 21. Access to sensitive information was gained and exfiltrated during this time. The level of information that was vulnerable varied depending on who was targeted. 

The data that was breached for the benefit of the library patrons included names and dates of birth. Though very limited compared to the data for employees, this data is still significant for use in identity-related fraud. The breach had severe implications for current and former employees who worked within the library system. The data that was stolen for them included Social Security numbers, financial accounts, driver’s license numbers, credit card numbers, passports, health insurance, and certain data related to medical matters. 

This particular ransomware assault would later be attributed to the INC ransomware gang, which has been responsible for a number of highly detrimental attacks on government bodies over 2025. The gang has previously conducted attacks on bodies such as the Office of the Attorney General of Pennsylvania and a countrywide emergency alert service used by local authority bodies. This type of situation is not the first that has occurred on the level of Pierce County. 

In the year 2023, Pierce County was the victim of a ransomware attack on the public transit service that the community utilized heavily because the service was used by 18,000 riders on a daily basis. Public library networks have become a common target for ransomware attacks in recent years. This is because cybercriminals also perceive public libraries as high-stakes targets since community members depend on them for internet access to their catalogs and other digital services, creating a challenge where an organization may feel pressured into paying a ransom demand to resume operations. Such attacks also include national and city library networks in North America. 

The current threat environment has led to calls for developing targeted programs within the government in the United States that would evaluate risks for libraries' cybersecurity environments. This involves enhancing data sharing related to cyber attacks and providing libraries with more support and advanced services from firewalls that target libraries specifically. 

The increasing digitization efforts by libraries as government institutions further solidify that a breach such as that which Pierce County experienced is a reminder that a continued investment in cybersecurity measures is a necessity.
Read more »
Personal Data
Data Breach Data breaches attacks Data protection Data Theft Financial Data Hacker attack Hackers Personal Data

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.
Read more »
UK
Capita cyber attack Data breaches attacks UK

Capita Cyberattack Sees 90 Organizations Report Possible Data Breaches

 

The Information Commissioner's Office (ICO), the data watchdog, has stated that it has received around 90 reports regarding possible breaches connected to Capita. 

In the realm of data protection in the UK, the Information Commissioner's Office (ICO) takes on the role of a guardian. Its primary function involves enforcing laws that govern communication, networking, and the security of data. 

The ICO ensures that businesses and organizations adhere to these laws, with the aim of safeguarding individuals' personal information. Its most notable role is in upholding the EU's General Data Protection Regulation (GDPR). 

The ICO's primary objective is to ensure that businesses operating in the UK adhere to rigorous data protection principles, safeguarding individuals' privacy and personal information. Capita is a major supplier to UK government departments and is involved in various contracts within the private sector. 

These reports pertain to both the cyberattack that occurred in March and the recent discovery of an unsecured database. As per the information from the Information Commissioner's Office (ICO), it said that it is currently investigating two cyber incidents related to Capita. In March, Capita experienced a cyber attack that resulted in staff being locked out of Microsoft's Office 365 Productivity suite.

Although initially claiming no data was accessed, Capita later acknowledged that some data was exposed to malicious actors. Furthermore, it was confirmed that in the recent cyberattack on Capita, resulted in a breach of personal information of nearly 500,000 members of the USS lecturers' pension fund. 

Additionally, the ransomware group Black Basta has claimed responsibility for the breach. However, yet we are not informed about any ransom demands or payments, but Capita expects to face costs of £20m as a result of the incident. Furthermore, the Information Commissioner's Office further said that the exact count of companies impacted by the breach is currently uncertain. 

Capita provides services to a wide range of organizations, including the Ministry of Defense and the NHS in the public sector, as well as the Royal Bank of Scotland, O2, and Vodafone in the private sector. With over 50,000 employees, Capita holds substantial UK government contracts valued at over £8bn. 

The cyberattack has had an impact on various local councils in the UK. Barnet, Barking and Dagenham, Lambeth, and South Oxfordshire have all reported encountering issues due to the incident. Additionally, following the discovery of the unsecured AWS bucket, Colchester and Coventry city councils have come forward to acknowledge that their data may also be affected.
Read more »
Subscribe to: Comments (Atom)