Stay up-to-date on what is happening with privacy laws, as well as stories about leaks of private information from security breaches in the public and private sector. Ironwall by Incogni has provided emergency services to individuals, businesses, police organizations and courts in the wake of hacking incidents and ransomware attacks.
Last updated: December 18, 2024
To Our Friends in the Media
If you are a member of the media and would like more information about any of these stories, or input from our CEO on privacy laws, the danger of privacy hacks, or how online privacy protection works, please contact us at [email protected].
Phishing and Ransomware Attacks
Ransomware Attack on Texas Health Centers Exposes 1.4M+ People
The leaked information includes patient names, dates of birth, addresses, Social Security numbers, driver's license numbers, government-issued identification numbers, financial account information, health insurance information, and medical information.
Phishing Attacks Double in 2024
A sharp increase in phishing attacks, including a 202% rise in overall phishing messages in the second half of 2024, has been identified by cybersecurity experts. According to SlashNext’s 2024 Phishing Intelligence Report, a substantial 703% surge in credential phishing attacks was also observed in the same period. Key findings from the study reveal that users encounter an average of one advanced phishing attack per mailbox every week. Mobile users face up to 600 threats annually, underscoring a shift away from email-only phishing to multichannel approaches.
Rhode Island confirms data breach after Brain Cipher ransomware attack
The incident was discovered on December 5, 2024, and following an evaluation by Deloitte, it is considered very likely that hackers stole files containing personally identifiable information and other data. Although the data that has been exposed remains under evaluation, Deloitte says it may include names, addresses, dates of birth and Social Security numbers, and certain banking information.
Anna Jaques Hospital ransomware breach exposed data of 300K patients
Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients. The threat actors leaked data samples allegedly stolen from Anna Jaques on their dark web extortion site, threatening to expose sensitive patient information if their demands weren't met.
5 million U.S. credit cards were just leaked online — how to stay safe and what to do next
Not all of the personal and financial information that ends up online is the result of a data breach carried out by hackers. Instead, there are also data leaks where sensitive info is exposed as a result of negligence when a database is left unsecured without a password.
As discovered by the security team at LEAKD, 5 million U.S. credit card details and other sensitive data was found in an AWS S3 bucket that could have been accessed by anyone online.
Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack
Blue Yonder provides an end-to-end supply chain platform and claims to have over 3,000 customers across 76 countries, including retailers, manufacturers and logistics services providers. Several high-profile customers have confirmed being impacted by the service disruptions at Blue Yonder. One of them is Starbucks, which said the incident impacted its ability to pay baristas and manage employee schedules.
Hoboken, N.J. hit with ransomware cyberattack, officials say
The City of Hoboken was targeted in a ransomware attack Wednesday morning, officials said. The cyber attack forced the closure of City Hall, and shut down online city services.
Corrupted Microsoft Word files used to launch phishing attacks
Cybercriminals have found a new and creative way to sneak phishing emails past your online defenses and into your inbox, experts have warned. A new report from cybersecurity researchers Any.Run observed crooks distributing corrupted Microsoft Word files in their campaigns. Most phishing emails come with an attachment. That file can either be malware itself, or can contain a link to a malicious website, or download.
PIH Health suffers a ransomware attack
PIH Health reported they were hit by a ransomware attack on Sunday, interrupting phone and internet service. They say no patients are in danger, and all operations are in place, just slow administratively due to the network interruption.
Your Netflix account is not suspended – how to avoid the latest SMS scam
If you’ve recently received an SMS about your Netflix account being suspended, chances are it’s a scam. Fraudsters are targeting phone numbers in 23 countries with a new text message campaign, trying to swindle Netflix users out of their account credentials and payment information.
Ransomware Attack on Oklahoma Medical Center Impacts 133,000
Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals that their personal information was compromised in a ransomware attack.
Cyber insurance demand surges as ransomware targets businesses of all sizes
As more companies begin to understand their exposure, Ritchie sees an increasing uptake in cyber insurance policies. However, the process of convincing businesses to invest in cyber coverage often involves educating them on the specific vulnerabilities they face. One effective method is to present potential clients with a detailed analysis of their risk profile.
Aspen Healthcare Services Announces Data Breach Following Ransomware Attack
On November 18, 2024, Aspen Healthcare Services (“Aspen Healthcare”) filed a notice of data breach with the Attorney General of Texas after discovering that the company was targeted in a ransomware attack. In this notice, Aspen Healthcare explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, addresses, insurance IDs, health records, and Social Security numbers.
Phishing scheme led to $2.2 million taken from Grand Forks Public Schools
The business manager of Grand Forks Public Schools said Monday the $2.2 million swindled from the district earlier this year was taken in a phishing scheme. In a phishing attack, attackers deceive employees into revealing sensitive information or installing ransomware or malware.
Threats Against Judges
Violence against judges is on the rise. Proposed protections are needed now
Violence toward judges and court personnel has skyrocketed. In 2023, the U.S. Marshals Service investigated 457 threats against federal judges compared to 224 threats in 2022 — an alarming increase.
Michigan man agrees to plea for threatening U.P. prosecutor, judge
In February 2024, Milam threatened the lives of an assistant prosecutor in the Chippewa County Prosecuting Attorney’s Office and a 50th Circuit Court judge in Chippewa County who were handling cases against him.
Travis County judges, officials get $500K in security funds as DA José Garza faces battles
Two local judges – one shot in her driveway in a 2015 assassination attempt and another who presided over the globally watched Alex Jones defamation trial two years ago – made a public pitch to Travis County commissioners last month. In an open meeting, they asked the county to grant taxpayer funds to help county judges and other elected officials protect their homes, citing rising threats. District Judges Julie Kocurek and Maya Guerra Gamble provided examples, including what Guerra Gamble said were “several” instances in the past five years in which litigants showed up “on their front doors.”
Cook County judge removed from domestic violence cases due to threats against him
A Cook County domestic violence judge, already under fire for releasing a man who later allegedly killed his wife, has now been removed from cases involving domestic violence due to threats directed at him. The Office of Cook County Chief Judge Timothy Evans said Tuesday evening that Judge Thomas Nowinski "is not currently hearing cases involving domestic violence or orders of protection" due to "anonymous threats" against him.
Privacy Laws
Democrats push to protect the data privacy of people seeking abortions
Democrats at the federal and state levels are pushing to pass bills protecting sensitive reproductive health data before Republicans take control of key legislative chambers.
Georgia lawmakers propose sweeping AI policies, privacy and ethics laws
Tuesday’s report includes recommendations for adopting a data privacy law, AI use disclosure requirements, and an updated law against the use of deepfakes for election interference, which includes “transparency and labeling.” A similar law did not pass the last legislative session.
Judges Push for Action to Combat Increasing Threats Against Judiciary
“Threats against judges—state, federal and otherwise—have risen exponentially,” U.S. District Chief Judge Mitchell Goldberg of the Eastern District of Pennsylvania said during a webinar Monday. “They've gone through the roof, to be more plain-spoken about it."
2024 Privacy Legislative Roundup
2024 was a banner year for state privacy legislation. This year saw seven new states pass comprehensive consumer privacy laws, joining the ranks of 12 other states that have previously passed similar laws. While other state laws followed a general pattern with marginal variances in definitions and applicability thresholds, these new seven laws contain additional requirements and nuance that separate them from the pack.
GoodRx Agrees to Pay $25 Million Settlement for Privacy Violations
The telehealth and prescription drug discount provider, GoodRx, recently agreed to pay $25 million to settle class action claims originating from the company’s unauthorized disclosure of consumers’ personal health information, according to recent filings with the U.S. District Court for the Northern District of California. The class action alleges that GoodRx violated federal wiretapping statutes, consumer protection laws and privacy rights stemming from the company’s use of website tracking technologies and unauthorized sharing of consumers’ health information with Meta Platforms, Google and Criteo for ad purposes.
Gavel to Gavel: Court and judicial security legislation in 2024
This year alone, over 60 pieces of legislation were introduced across 24 states to address court and judicial security concerns. Among those bills, 11 made their way into law or to a governor’s desk this year.
Nebraska’s Consumer Privacy Law Takes Effect Soon and Targets Businesses Selling Personal Data
Nebraska Governor Jim Pillen (R) signed the Nebraska Data Privacy Act (or NEDPA) into law in April. NEDPA becomes effective on January 1, 2025 – the same day as similar laws going live in Delaware, Iowa, and New Hampshire. This relatively short period between signature and effective date left little time for impacted companies to prepare; however, Nebraska’s approach to applicability criteria has cast a specifically tailored net focused on businesses selling personal data of Nebraska residents.