At a glance.
- UK’s Ministry of Justice discloses major breach.
- Healthcare data breaches affect hundreds of thousands.
- SEC X account hacker sentenced to fourteen months in prison.
UK’s Ministry of Justice discloses major breach.
The UK's Ministry of Justice has disclosed a "significant" breach affecting Legal Aid's online system, with hackers stealing "a significant amount of personal data" belonging to individuals who applied through the service since 2010. The stolen data "may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status, and financial data such as contribution amounts, debts, and payments."
The BBC notes that the breach "covers all areas of the aid system - including domestic abuse victims, those in family cases and others facing criminal prosecution."
According to the Guardian, British authorities believe the hack was carried out by a criminal gang, not a state-sponsored actor.
Healthcare data breaches affect hundreds of thousands.
Enterprise management solutions provider Serviceaide has disclosed a data breach affecting 480,000 patients of Catholic Health, a New York-based non-profit healthcare system, SecurityWeek reports. Serviceaide says an Elasticsearch database it maintains for Catholic Health was mistakenly left public, exposing names, Social Security numbers, dates of birth, medical record numbers, patient account numbers, medical/health information, health insurance information, prescription/treatment information, clinical information, provider names and locations, emails, usernames, and passwords.
Separately, Harbin Clinic, a healthcare system with 27 locations across the state of Georgia, is informing over 210,000 patients that their information was stolen during last year's breach affecting debt collector Nationwide Recovery Services (NRS). The leaked data included names, addresses, Social Security numbers, dates of birth, and financial account information.
SEC X account hacker sentenced to fourteen months in prison.
A 26-year-old Alabama man, Eric Council Jr., has been sentenced to fourteen months in prison for hacking the X account of the US Securities and Exchange Commission (SEC) in January 2024. Council pleaded guilty to his role in carrying out a SIM swapping attack against the mobile phone account associated with the SEC's X account. One of his co-conspirators then used the account to make a fraudulent post that temporarily spiked the price of Bitcoin.
The Justice Department stated, "Council, aka 'Ronin' and 'Agiantschnauzer,' was arrested Oct. 17, 2024, and admitted to receiving about $50,000 to perform SIM swap. He pleaded guilty Feb. 10, 2025, in the District of Columbia to conspiracy to commit aggravated identity theft. In addition to the prison term, U.S. District Court Judge Amy Berman Jackson ordered forfeiture of $50,000 and three years of supervised release with the condition that he not use computers to access the dark web or commit further identity fraud."
