At a glance.
- Genealogical software database exposed.
- Netwalker ransomware hits healthcare provider.
- More confirmation of property management firm breach in New Zealand.
- A pager hack in West Australia.
Exposed database belonged to genealogical search company.
WizCase reports finding an unencrypted and openly accessible ElasticSearch database exposed online. The server belongs to Software MacKiev, which also maintains the Family Tree Maker software, which "syncs user data of a widely-known family history search platform, Ancestry." The database included email addresses, internal system user IDs, subscription type and status, refunds (if any), timestamps, user location data, IP addresses, user support messages, and assorted technical data. Most of the 66,000 affected individuals are in the United States.
Ransomware infestation at Lorien Health Services.
Lorien Health Services, based in the US state of Maryland, has disclosed that on June 6th it detected an attack with Netwalker ransomware. Lorient operates eldercare facilities, and said that personally identifiable information of both residents and staff were accessed. The information breached included "residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information." A total of 47,754 individuals were affected. Residents whose data were taken were notified by letter on June 16th. BleepingComputer says that, as is now customary in ransomware attacks, the Netwalker gang stole the information before they encrypted it, and have begun to leak it online to increase the pressure on Lorien to pay.
A second researcher confirms LPM breach.
Another researcher has found information collected in the course of business by Lambton Property Management, TVNZ News reports. The New Zealand firm says that it still has the incident, a database exposed through misconfiguration, under investigation. It's unclear who other than the two researchers may have gained unauthorized access to the data.
Teen spirit and obsolescent communication networks.
West Australia's Health Department suffered a data breach that included confidential information, including names and other details about patients undergoing treatment for COVID-19. The Australian Broadcasting Corporation says that the data were obtained and posted online by a fifteen-year-old boy who intercepted pager communications. The young man has been visited by the police, but it's not yet known whether he'll face any charges. West Australian Premier Mark McGowan explained, "It was a person under the age of 16 who obviously spends a lot of their life online, and did this sort of thing as some young people do."
The most interesting aspect of the story is the risk associated with using obsolescent and generally superseded modes of communication. Premier McGowan said he had no idea people were still using pagers, and Mr. McGowan surely isn't alone in that respect.