Tag archive

data breach

29K Wyomingites’ Data Exposed On Dark Web; Cyber Wyoming Warns Of Risks

in News
17619

***For All Things Wyoming, Sign-Up For Our Daily Newsletter***

By Ellen Fike, Cowboy State Daily

Wyoming residents whose personal information may have been exposed in a T-Mobile data breach are being advised to change the passwords for their telephone accounts by the leader of a Wyoming group working to reduce cyber crime.

Laura Baker, executive director of Cyber Wyoming told Cowboy State Daily on Friday that the information leaked to the “dark web” could allow leave cell phone accounts vulnerable to being taken over by thieves or “Sim swapping.”

“SIM swapping is when the bad actors call your cell phone carrier pretending to be you,” she said. “They impersonate you with breached information like the T-Mobile personally identifiable information and they combine it with social media information that they found about you online.

“When they contact your phone carrier they say that they broke or lost the old phone and need to register a new one,” she continued. “If successful, they will now get all your texts, which includes the texts you get with codes verifying who you are.”

Nearly 30,000 Wyoming residents were among 53 million current, former and prospective T-Mobile clients affected by the August data breach.

Wyoming Attorney General Bridget Hill’s office said this week that a large amount of the information obtained in the breach was discovered for sale on the dark web, a hidden portion of the Internet where criminals buy, sell and track personal information.

Baker advised anyone affected by the breach to go into their phone carrier account, change their password to something difficult that they have never used before and use any two-factor authentication the carrier recommends.

“Some people even have a super secret email address that they only use for validation of this type, instead of using their phone,” Baker said. “Others use a Google Voice phone number so their real cell phone number isn’t published and they can use anonymity to their benefit. Others use password management software.”

She added there are many creative ways people can protect themselves online, but noted that one of the most important factors is to highly secure phone carrier account with the maximum security controls possible.

“Think of it like your bank account,” she said.

Hill also suggested anyone affected by the breach consider placing a free credit freeze on their credit report and to place a fraud alert on their credit report.

The 21-year-old hacker who claimed responsibility for the data breach told the Wall Street Journal last fall that T-Mobile had unprotected routers and that weak spots in the company’s internet addresses that gave him access to over 100 servers.

***For All Things Wyoming, Sign-Up For Our Daily Newsletter***

Wyo Health Department Data Breach Exposes Info From 165K Wyomingites

in News
10386

***For All Things Wyoming, Sign-Up For Our Daily Newsletter***

By Ellen Fike, Cowboy State Daily

The Wyoming Department of Health saw a data breach that exposed the health information of nearly 165,000 Wyoming residents.

The department announced the breach on Tuesday in a release that also detailed its plan to respond.

The department became aware of a breach involving protected health information on March 10, when it discovered a staff member had inappropriately handled the health information of approximately 164,021 Wyoming residents beginning as early as Nov. 5, 2020.

The incident involves an unintentional exposure of 53 files containing coronavirus and influenza test result data and one file containing breath alcohol test results.

These files were mistakenly uploaded to private and public online storage locations, known as repositories, on servers belonging to GitHub.com, an internet-based company that allows users to develop software, control which versions of software they release and manage the software code.

While GitHub.com has privacy and security policies and procedures in place regarding the use of data on its platform, the mistakes made by the WDH employee allowed the information to be exposed, the department said.

The information was also unintentionally disclosed, meaning it was made available to individuals who were not authorized to receive it, on GitHub’s public site as early as Jan. 8.

The exposed health information included the results of coronavirus tests that were electronically reported to the WDH for Wyoming residents, including name or patient identification, address, date of birth, test results and dates of service.

These coronavirus tests could have been performed anywhere in the United States between January 2020 to March of this year.

“While WDH staff intended to use this software service only for code storage and maintenance rather than to maintain files containing health information, a significant and very unfortunate error was made when the test result data was also uploaded to GitHub.com,” said WDH Director Michael Ceballos.

He noted the affected files did not contain Social Security numbers or banking, financial or health insurance information.

WDH started sending notices to some potentially affected individuals on Monday. However, contact information was unfortunately incomplete for many others.

“We are taking this situation very seriously and extend a sincere apology to anyone affected. We are committed to being open about the situation and to offering our help,” Ceballos said.

A special WDH information line dedicated to the incident has been established at 1-833-847-5916. The phone line will be available Monday through Friday, 9 a.m. to 7 p.m. through Aug. 6.

Wyoming residents who received coronavirus or influenza tests anywhere in the United States between January 2020 and March 9 but who do not receive a written notice from the department within the next two weeks should call the information line to learn if their information was involved.

In addition, anyone who received a breath alcohol test performed by law enforcement in Wyoming between April 19, 2012 and Jan. 27 who doesn’t receive a letter should call as well.

“We recognize maintaining personal information privacy is important. Because we want to be extra cautious about this situation, we are offering affected individuals one year of free identity theft protection through IdentityForce,” said Jeri Hendricks, administrator for the WDH Office of Privacy, Security and Contracts.

IdentityForce provides advanced credit and dark web monitoring, along with identity theft insurance and medical identity theft coverage.

To take advantage of the offer, affected individuals can call the WDH information line for an IdentityForce verification code to allow online enrollment for the service.

“Because we are committed to the privacy and security of individuals’ protected health information, we have taken steps to help prevent further harm from this situation or similar circumstances from happening again,” Hendricks said. “Files have been removed from the GitHub repositories and GitHub has destroyed any dangling data from their servers. Business practices have been revised to include prohibiting the use of GitHub or other public repositories and employees have been retrained.”

Hendricks said appropriate corrective action has been taken and the WDH Office of Privacy, Security and Contract’s (OPSC) investigation of this incident is complete.

***For All Things Wyoming, Sign-Up For Our Daily Newsletter***

0 $0.00
Go to Top