Foreign Actors Suspected in Hack of D.C. Obamacare Exchange, Theft of House Members’ Personal Data

A malign foreign actor could be behind the theft of personally identifiable information of hundreds of House members and staff in the hack of an Obamacare health insurance exchange in the nation’s capital, according to the chair of the House Administration Committee.

Lawmakers and their staff were notified a few days ago by the House chief administrative officer of the hack of the D.C. Health Link exchange.

Read the full story

Virginia Gets $346K in Settlements over 2015 Equifax/T-Mobile Data Breach

Virginia will get $346,085.82 of more than $15 million from multi-state settlements with Experian and T-Mobile after a 2015 data breach of information from the companies’ customers.

“The 2015 data breach affected hundreds of thousands of Virginians, putting their personal information at risk. Companies like T-Mobile and Experian have a responsibility to ensure the safety of consumers’ information, and when they fail, they have to be held accountable,” Attorney General Jason Miyares said in a Monday press release.

Read the full story

Data Recovery Center in Vicinity of Nashville Bombing No Longer Owned by Silver Lakes – the Parent Company of Compromised SolarWinds

Following the Nashville bombing, a viral post alleged a connection between SunGard, a nearby data facility, and SolarWinds’ parent company, Silver Lake. However, Silver Lake only owned SunGard from 2005 until 2015. After that, Fidelity National Information Services (FIS) assumed control once SunGard filed for bankruptcy. Since 2017, Silver Lake hasn’t held any shares in FIS.

“Please help dig on Solar[W]inds, SunGard data center, and 211 Commerce Street in Nashville,” wrote Ron Watkins, former 8Kun administrator. “Interested in finding correlations between these subjects.”

Read the full story

Foundation Says Breach of Unemployment Claimants’ Data Causes Loss of Public Trust in Ohio Government

With the data breach exposing the information of unemployed Ohioans, one foundation is saying that the government’s failure to address known flaws with the benefits system means the public has lost trust in the state.

Deloitte Consulting is handling pandemic unemployment assistance claims for the Ohio Department of Job and Family Services. At least 130,000 independent contractors who filed 1099 forms but have not yet received benefits had their information, including addresses and social security numbers exposed on the Deloitte system, WLWT reported.

Read the full story

Watchdog: US Agency Error Exposes 2.3 Million Disaster Survivors to Fraud

Reuters   The U.S. Federal Emergency Management Agency (FEMA) exposed 2.3 million disaster survivors to possible identity theft and fraud by sharing sensitive personal information with an outside company, according to an internal government watchdog. The U.S. Department of Homeland Security’s Office of Inspector General (OIG) said FEMA had shared financial records and other sensitive information of people who had participated in an emergency shelter program after being displaced by hurricanes Harvey, Irma and Maria and the California wildfires in 2017. The Inspector General’s office said FEMA had shared participants’ home addresses and bank account information with the contractor, along with necessary information like their names and birthdates. That “has placed approximately 2.3 million disaster survivors at increased risk of identity theft and fraud,” the Inspector General’s office said in a report. The name of the contactor was redacted. In a statement released on Friday, FEMA spokeswoman Lizzie Litzow said the agency had found no indication to suggest survivor data had been “compromised.” She said the agency has removed unnecessary information from the contractor’s computer systems. But FEMA’s review only found that the contractor’s computer systems had not been breached within the past 30 days because it did not keep…

Read the full story

Google+ to Shut Down After Data Breach Cover-Up Exposed

by Gavin Hanson   Google announced the end of its social platform Google Plus after a Monday Wall Street Journal report detailed the cover-up of a breach that exposed users’ data. In a breach described as “Cambridge Analytica-style” by Financial Times social media and cyber security reporter Hannah Kuchler, Google Plus user data was exposed for hundreds of thousands of users. The WSJ report indicated that for a period of three years, personal data was accessible by hackers without a single indication from Google Plus or Google’s holding company, Alphabet, that anything was amiss. Google published a blog post Monday to explain the breach and the “sunsetting” of Google Plus. Google Plus has been partitioned into different functions since it became clear in 2015 that the app would not be able to compete with Facebook. Though some smaller portions of Google Plus will continue on, its consumer aimed, main portion is due to shut down over the course of the coming months. “To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data,” Ben Smith, a Google fellow…

Read the full story

REPORT: Federal Website Was Displaying People’s Social Security Numbers For WEEKS

by Anders Hagstrom   A federal government transparency website had been unwittingly displaying at least 80 full or partial social security numbers (SSN) for weeks before taking them down, CNN reported Sunday. The error came in a Freedom of Information Act (FOIA) request portal, causing many people who submitted FOIA requests to have their SSNs revealed on the website, CNN reported. In many cases, the website, foiaonline.gov, revealed more information than just an SSN, also publishing dates of birth, immigrant identification numbers, addresses and contact details. The government was unaware of the problem and cited a glitch when CNN reached out for comment. “Recently it was discovered that [SSN] information in some records was exposed to the public,” an internal email obtained by CNN read. “The PMO [Primary Management Office] has identified the cause of this issue and this afternoon implemented program fixes that resolved the problems. This issue will shortly be publicized by the press. It will also be reported that after our fix, that some names and addresses still do appear in publicly available FOIAonline records. A review by the PMO has found that this information has been marked as publicly viewable by the reporting agencies. It is requested that partner…

Read the full story

Attorney: Former IT Aide Imran Awan Deserves No Jail Time Because Trump, Republicans ‘Were Mean’

DNC-Imran-Awan-Wasserman-Schultz

by Luke Rosiak  – Former House IT aide Imran Awan’s attorney, Chris Gowen, filed a memo asking that his client serve no jail time for his bank fraud conviction.  – He told an Obama-appointed judge that Trump is an “incoherent,” “desperate” president of the “Untied States.”  – He asked for lenience by saying that Republican congressmen are “pathetic.” An attorney filed a sentencing memo on behalf of former House IT aide Imran Awan, claiming that President Donald Trump, other Republicans, and “conspiratorial media” attacks serve as a sufficient substitute for jail time for his client’s bank fraud conviction. Attorney Chris Gowen, a former aide to Hillary Clinton, argued to Judge Tanya Chutkan, a President Barack Obama-appointee, that Imran should be spared jail, in part because of Trump, who engaged in “incoherent rambling” about the former IT aide. “Considering … the conduct of several government officials, including the president of the United States, Imran Awan respectfully requests this court to sentence him to time served with a fine of $4,004,” Gowen wrote in the sentencing memo filed Wednesday. Imran pleaded guilty to lying on a loan application on July 3. He was also banned from the House network in February 2017 after congressional investigators alleged he…

Read the full story

Medicaid Hack Compromised Patients’ Names, Medical Conditions: Florida Health Officials

Medicaid recipients may have had their diagnoses and medical conditions exposed as the result of a recent security breach, Florida health officials warned Friday. An employee with the state’s Agency for Health Care Administration (AHCA) recently opened a malicious phishing email that potentially compromised the personal information of tens of thousands of Medicaid patients, the agency said in a statement.

Read the full story