Drupal Breach Leads Roundup

Unauthorized Access Leads to Password Reset
Drupal Breach Leads Roundup

In this week's breach roundup, Drupal.org, an open-source content management framework provider, has reset all account-holder passwords after the organization discovered unauthorized access to account information. Also, Champlain College in Burlington, Vt., is notifying 14,000 students about a security incident.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Drupal Resets Passwords After Breach

Drupal.org, an open-source content management framework provider, has reset all account-holder passwords after the organization discovered unauthorized access to account information.

Information exposed included usernames, e-mail addresses and country information, as well as hashed passwords. An investigation is ongoing to determine if other information was compromised, Drupal says in a statement.

The intruders installed third-party software on the Drupal.org server infrastructure, which led to the access, according to the statement.

"The notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally," the statement says.

Drupal.org passwords are both hashed and salted, the organization said, although some older passwords on some subsites were not salted.

The organization didn't specify how many users were affected.

College Reports Misplaced Drive

Champlain College in Burlington, Vt., is notifying about 14,000 students that a thumb drive containing their names and Social Security numbers was misplaced in a campus computer lab.

The college has no evidence of any misuse of the information stored on the device, which eventually was returned to the information systems department, according to a statement posted to the college's website.

Information on the drive was provided to the college's admissions and financial aid offices from 2010 to 2013.

The college is offering affected students free credit monitoring services for a year.

Improper Records Access Prompts Notification

Bon Secours Hampton Roads Health System in Suffolk, Va., is notifying about 5,800 patients about a breach involving improper access to medical records.

During an April audit of a patient's medical record, the health system identified suspicious access, according to a statement on the health system's website. An investigation determined that two members of the patient care team accessed patients' medical records in a manner that was "inconsistent with their job functions and hospital procedures, and inconsistent with the training they received regarding appropriate access of patient medical records," the statement said.

The employees have been terminated, the hospital said.

Information that was inappropriately accessed includes patient names; dates and time of service; provider and facility names; internal hospital medical record and account numbers, which may have included Social Security numbers; dates of birth; and treatment information, such as diagnoses, medications and vital signs.

The healthcare system is offering affected patients free credit monitoring services for one year.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.