At a glance.
- Australian teen arrested for blackmailing Optus breach victims.
- CareOregon accidentally leaks member data.
- City of Tucson discloses data breach.
Australian teen arrested for blackmailing Optus breach victims.
In the latest development in the massive data breach at Optus, leading Australian mobile provider, a teenager has been arrested for allegedly attempting to use the leaked Optus customer data to extort the victims. Over ten thousand records of Optus data stolen in the breach were briefly published last week on a hacker forum, and the 19-year-old is accused of sending texts to the customers who were exposed, demanding that the recipients pay him $2,000 to prevent him from using the data for fraud. “At this stage it appears none of the individuals who received the text message transferred money to the account,” the Australian Federal Police have stated. The Hacker News adds that the suspect has been charged with using a telecommunication network with the intent to commit a serious offense, as well as dealing with identification information, and each charge is punishable by a maximum penalty of ten and seven years in prison, respectively.
CareOregon accidentally leaks member data.
US health insurance agency CareOregon has disclosed an inadvertent data exposure that compromised the data of a subset of their current members. In August marketing letters containing protected health information were accidentally sent to the wrong addresses of over eight thousand members. The exposed data include names and Medicaid numbers, and impacted members have been notified. The breach announcement reads, “Additionally, the investigation confirmed that the organization has the correct policies and procedures in place to address this type of breach and those processes are reviewed yearly. We’ve provided additional training to the employee to make sure this doesn’t happen again.”
City of Tucson discloses data breach.
The City of Tucson, located in the US state of Arizona, suffered a data breach in May that impacted more than 123,500 individuals, Security Affairs reports. According to the data breach notice, “On August 4, 2022, the City learned that certain files may have been copied and taken from the City’s network.” The breach was discovered after suspicious activity involving a user’s network account credentials was detected. The City launched a comprehensive review to determine what data had been impacted and on September 12 determined that certain personal data on the City’s network had been potentially accessed. The compromised data include names, Social Security numbers, driver’s license or state identification numbers, and passport numbers, but the city says it currently has no evidence that the exposed information was misused.