Hacker Breach Exposes OpenAI’s Internal Messaging Systems, Design Details Stolen

the staff of the Ridgewood blog

Ridgewood NJ, last year, a hacker successfully breached the internal messaging systems of OpenAI, the renowned AI research company behind ChatGPT, and stole confidential details about the design of their artificial intelligence technologies, according to a report by The New York Times.

Valley Health System Vendor Experiences a Data Breach

the staff of the Ridgewood blog

Ridgewood NJ, CBIZ KA Consulting Services, LLC (“CBIZ KA”) provides revenue assurance, Medicaid eligibility, and compliance solutions services to certain Healthcare Providers. On May 31, 2023, Progress Software, the publisher of the MOVEit® Transfer secure file transfer platform, disclosed a zero-day vulnerability in their MOVEit software. CBIZ KA uses MOVEit Transfer to securely transfer data files in the normal course of business.

Facebook Hit With Another Massive Data Breach

the staff of the Ridgewood blog

Ridgewood NJ, CBS is reporting that over 267 million Facebook users have had their personal information exposed by another massive data breach.

Security researcher Bob Diachenko reportedly made the disturbing find on Dec. 14. Diachenko and U.K. technology research firm Comparitech believe the unprotected database was left open on the dark web for nearly two weeks.

During that time, the names, phone numbers, and Facebook user IDs were exposed in the latest embarrassing mishap for the social media giant.

According to CNET, Diachenko believes criminals in Vietnam are responsible for stealing the information. At the moment there are no details on who was impacted.

A Facebook spokesman said in a statement that they are looking into the breach, but claimed the data was probably harvested before Facebook made recent changes to better protect user information.

Uber Settles Largest Multi-State Data Breach Settlement Ever

the staff of the Ridgewood blog

Trenton NJ, Attorney General Gurbir S. Grewal announced today that the ride-sharing company Uber Technologies, Inc. has agreed to pay a total of $148 million to resolve a multi-jurisdiction investigation into a data breach that compromised the personal information of Uber riders and drivers. New Jersey’s share of the recovery is approximately $3.75 million.

Software Developer Agrees to Settle Investigation into Data Breach Exposing Personal Information of Auto Dealership Customers Nationwide

Newark NJ, Attorney General Gurbir S. Grewal and the Division of Consumer Affairs today announced a settlement with data management software developer Lightyear Dealer Technologies that resolves the Division’s investigation into a cyber security lapse that allowed unauthorized public internet access to a company database containing personally identifiable information of customers and employees of more than 100 auto dealerships nationwide, including at least four dealerships in New Jersey.

Data Breach: Voter Records Exposed

Report: 191M voter records exposed online

By Katie Bo Williams – 12/28/15 09:50 AM EST

Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet.

The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000.

While in most states, voter registration lists are a matter of public record, many have regulations restricting access and use.

For example, South Dakota requires those requesting access to voter data to confirm that the information “may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the internet.”

Security researcher Chris Vickery discovered the breach and reported it to DataBreaches.net, which has since reached out to law enforcement, as well as the California attorney general’s office.

“When one of their attorneys asked, ‘Well how much data are we talking about?’ and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was ‘Wow,’ and she promptly forwarded the matter to the head of their e-crime division,” writes DataBreaches.net’s anonymous admin.

Steve Ragan, a security blogger for the security and risk management website CSO, has also investigated the breach, noting that none of the political database firms he identified and reached out to in connection with the database claimed ownership of the IP address where the files are posted.

https://thehill.com/policy/cybersecurity/264297-report-191m-voter-records-exposed-publicly-online

Sanders’ campaign threatens to sue DNC

‘They are not going to sabotage our campaign,’ Sanders’ top aide Jeff Weaver said.

By GABRIEL DEBENEDETTI

12/18/15 01:23 PM EST

Bernie Sanders’ campaign on Friday threatened to sue the Democratic Party for suspending its access to the national voter database, saying the move threatens to undermine the Vermont senator’s presidential run.

Jeff Weaver, Sanders’ campaign manager, held a press conference on Friday in which he described how the Democratic National Committee was unfairly choking off the “lifeblood” of the campaign.

The DNC suspended Sanders’ access following the revelation that Sanders staffers improperly reviewed Hillary Clinton campaign data made available as a result of a software error this week by political data technology company NGP VAN.

“Individual leaders of the DNC can support Hillary Clinton in any way they want, but they are not going to sabotage our campaign, one of the strongest grassroots campaigns in modern history,” Weaver said.

“By their action, the leadership of the Democratic National Committee is now actively attempting to undermine our campaign,” he said, calling on the DNC to release its freeze on the campaign’s data, a move that has effectively crippled Sanders’ field operation. “This is taking our campaign hostage.”

Weaver described the campaign’s data as “stolen by the DNC” and said he saw a “pattern” of actions suggesting the committee has been helping Clinton. He said he planned to bring the issue to federal court this afternoon if the DNC continues to “hold our data hostage.”

Read more: https://www.politico.com/story/2015/12/sanders-campaign-threatens-to-sue-dnc-216942#ixzz3uhQH37n3

It’s Way Too Easy to Hack the Hospital

Firewalls and medical devices are extremely vulnerable, and everyone’s pointing fingers

By Monte Reel and Jordan Robertson | November 2015

from Bloomberg Businessweek

In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minn., for an assignment at the Mayo Clinic, the largest integrated nonprofit medical group practice in the world. Rios is a “white hat” hacker, which means customers hire him to break into their own computers. His roster of clients has included the Pentagon, major defense contractors, Microsoft, Google, and some others he can’t talk about.

He’s tinkered with weapons systems, with aircraft components, and even with the electrical grid, hacking into the largest public utility district in Washington state to show officials how they might improve public safety. The Mayo Clinic job, in comparison, seemed pretty tame. He assumed he was going on a routine bug hunt, a week of solo work in clean and quiet rooms.

But when he showed up, he was surprised to find himself in a conference room full of familiar faces. The Mayo Clinic had assembled an all-star team of about a dozen computer jocks, investigators from some of the biggest cybersecurity firms in the country, as well as the kind of hackers who draw crowds at conferences such as Black Hat and Def Con. The researchers split into teams, and hospital officials presented them with about 40 different medical devices. Do your worst, the researchers were instructed. Hack whatever you can.

Like the printers, copiers, and office telephones used across all industries, many medical devices today are networked, running standard operating systems and living on the Internet just as laptops and smartphones do. Like the rest of the Internet of Things—devices that range from cars to garden sprinklers—they communicate with servers, and many can be controlled remotely. As quickly became apparent to Rios and the others, hospital administrators have a lot of reasons to fear hackers. For a full week, the group spent their days looking for backdoors into magnetic resonance imaging scanners, ultrasound equipment, ventilators, electroconvulsive therapy machines, and dozens of other contraptions. The teams gathered each evening inside the hospital to trade casualty reports.

“Every day, it was like every device on the menu got crushed,” Rios says. “It was all bad. Really, really bad.” The teams didn’t have time to dive deeply into the vulnerabilities they found, partly because they found so many—defenseless operating systems, generic passwords that couldn’t be changed, and so on.

The Mayo Clinic emerged from those sessions with a fresh set of security requirements for its medical device suppliers, requiring that each device be tested to meet standards before purchasing contracts were signed. Rios applauded the clinic, but he knew that only a few hospitals in the world had the resources and influence to pull that off, and he walked away from the job with an unshakable conviction: Sooner or later, hospitals would be hacked, and patients would be hurt. He’d gotten privileged glimpses into all sorts of sensitive industries, but hospitals seemed at least a decade behind the standard security curve.

 

https://www.bloomberg.com/features/2015-hospital-hack/

Ridgewood Police Report Rash of Identity Theft

August 6, 2015
the staff of the Ridgewood Blog

Ridgewood NJ, Ridgewood Police report that on Tuesday August 4, 2015 a West side resident reported discovering fraudulent charges had been made on one of his/her credit card accounts. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.

Earlier, on Monday July 27, 2015, a resident reported that an unidentified actor had opened several credit card accounts utilizing his/her personal information. The matter is being investigated by the detective bureau. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.

Identity Theft Protection Tips

Identity theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain. It can start with lost or stolen wallets, stolen mail, a data breach, computer virus, “phishing” scams, or paper documents thrown out by you or a business (dumpster ).

How can I minimize my risk of becoming an identity theft victim?

As consumers, you have little ability to stop or prevent identity theft. However, there are some positive steps to take which will decrease your risk.

Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.

Use a cross-cut shredder to dispose of documents with personal information. Also, use a specialized gel pen when writing out checks.

Place outgoing mail in collection boxes or the U.S. Post Office.

Know your billing cycles and contact creditors when bills fail to show up. Review bank and credit card statements carefully.

Password protect your financial accounts. A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non-alphabetical character. Use of non-dictionary words is also recommended.

Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.

Use firewall software to protect computer information. Keep virus and spyware software programs updated.

Reduce the number of preapproved credit card offers you receive: 888-5OPT-OUT

Order your free annual credit reports on-line at: www.annualcreditreport.com or by calling (877) 322-8228

You may also “freeze” your credit report. For more information on this, go to: State Resources

https://www.idtheftcenter.org/Protect-yourself/id-theft-prevention-tips.html

Data Breach at Valley Raises Serious Concerns

May 26, 2015
the staff of the Ridgewood blog

Ridgewood NJ, according to the Record’s updated article (last updated: Friday, May 22, 2015, 3:49 PM):
“On Friday, hospital officials stressed that their internal records were safe; only the personal information that had been given to the outside billing company by the physician groups who staff their ERs had been compromised. The hospitals were not responsible for hiring the outside billing company.”

So Valley states that their records are safe but your personal billing and credit information was compromised.

According to the US Department of Health and Human Services, the Office for Civil Rights enforces the HIPAA Privacy Rule (the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules), which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

So were these third parties in HIPAA compliance, and was it HIPAA compliant to share the patient info to begin with?

“All of those who were affected have been notified, said Valley spokeswoman Maureen Curran Kleinman.”

“If you got a letter, Valley recommends that you follow the instructions in the letter – secure your free credit protection,” she said. “If you didn’t get a letter, you are not at risk.”

The article also says, “Officials at Holy Name and Englewood Hospital said 1,500 patients at each of their hospitals received warning letters from Medical Management about the breach. … Valley, which treats about 73,000 patients in its ER each year, did not provide a number.”

So the question remains: DID Valley send notice letters of this breach or NOT to affected patients in its ER from Feb 2013 to Mar 2015? Haven’t received any notice, and we’ve used Valley ER 4 times during 2013 to 2014. Does the breach extend to ALL of Valley Health Care Systems?

One attorney, Joseph R. Santoli, Esq, contacted us and said he is handling the data breach case from my Ridgewood law office. 201-926-9200.

Data breach at three Bergen County hospitals involves thousands of patients

MAY 21, 2015, 5:51 PM | LAST UPDATED: THURSDAY, MAY 21, 2015, 5:56 PM
BY COLLEEN DISKIN AND MARY JO LAYTON
STAFF WRITERS | THE RECORD

Three Bergen County hospitals are alerting thousands of patients that their personal information may have been stolen by a billing clerk under federal investigation.

Valley Hospital in Ridgewood (pictured), Englewood Hospital and Holy Name Medical Center in Teaneck have informed patients of a data breach.

The Valley Hospital in Ridgewood, Englewood Hospital and Medical Center, and Holy Name Medical Center in Teaneck have informed patients treated in their emergency departments that their names, Social Security numbers and dates of birth may have been illegally given out by a company contracted to handle physician billing, officials said.

An employee at Medical Management, LLC, which provides billing services to 40 providers in several states, worked at the company from Feb. 2013 until March 2015 and copied personal information and illegally passed it on, officials said.

https://www.northjersey.com/news/data-breach-at-three-bergen-county-hospitals-involves-thousands-of-patients-1.1340264

Target agrees to pay $10 million to settle lawsuit from data breach

WASHINGTON Thu Mar 19, 2015 6:19am EDT

(Reuters) – Target Corp (TGT.N) has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach that consumers say compromised their personal financial information, court documents show.

Under the proposal, which requires federal court approval, Target will deposit the settlement amount into an interest bearing escrow account, to pay individual victims up to $10,000 in damages.

The claims will be submitted and processed primarily online through a dedicated website, according to the court documents.

The proposal also requires Target to adopt and implement data security measures such as appointing a chief information security officer and maintaining a written information security program.

“We are pleased to see the process moving forward and look forward to its resolution,” said Target spokeswoman Molly Snyder.

https://www.reuters.com/article/2015/03/19/us-target-settlement-idUSKBN0MF04K20150319