At a glance.
- New York tax scammer sentenced for child data theft ring.
- Update on Cisco cyberattack.
- Thousands exposed in US college data breach.
New York tax scammer sentenced for child data theft ring.
On Monday US man Ariel Jimenez was sentenced to twelve years in prison for using a fake tax preparation company as a front for selling the stolen identities of thousands of children on welfare and helping individuals to claim fraudulent tax credits. Bleeping Computer reports that Jimenez supplied his clients with data stolen from minors by a New York City's Human Resources Administration fraud investigator in order to add the children as fraudulent dependents on their tax returns. Court documents explain, "The investigation by IRS-CI has revealed that the defendants engaged in large-scale identity theft and tax fraud schemes through which (a) identifying information of minors, including names, dates of birth, and SSNs, was obtained, including through payments to a corrupt New York City employee." Jimenez charged his clients a cash fee in addition to his tax preparation charges, and in some years raked in over $1 million as a result. In addition to his prison sentence, Jimenez has been ordered to forfeit over $58 million as well as several Bronx real-estate properties. US Attorney Damian Williams commented, “Today's sentence holds Jimenez accountable for brazenly selling the identities of children to his customers for his own profit.”
Update on Cisco cyberattack.
As we noted yesterday, networking giant Cisco confirmed that a recent data breach was a failed ransomware attempt carried out by the Lapsus$ ransomware gang. Today IT Pro reports that Cisco has confirmed that data published by Yanluowang ransomware gang, which has ties to Lapsus$, was stolen from the firm during a May attack. Cisco explains, “On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web. The content of these files match what we already identified and disclosed.” According to the company, the stolen data consisted of non-sensitive files stolen from a compromised employee email account. Cisco says the breach did not compromise any sensitive customer or corporate data and has had no impact on company operations. The hackers, however, tell a different story, alleging that they obtained 55GB worth of files including classified documents, schematics, and source code. So far the threat actors' claims have been unverifiable.
Thousands exposed in US college data breach.
California public community college Napa Valley College (NVC) is notifying nearly eight thousand individuals that their data was potentially exposed in a June ransomware attack. GovTech reports that as soon as the school became aware of the attack, administrators shut down the network and launched an investigation with a third-party forensic firm. In August the investigation confirmed that "a limited amount of personal information may have been accessed by an unauthorized third party in connection with this incident." The notification letter states that the compromised data includes first and last names and Social Security numbers, but it’s unclear whether the victims were employees, students, faculty, or a combination therein.