Weekly Breach Roundup

Federal Pension Plan Hacked; University Breach Affects 650,000
Weekly Breach Roundup

In this week's breach roundup, a retirement savings plan for federal employees was hacked. Also, the University of Nebraska experienced a breach that affected 650,000 students and others.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Pension Hack Exposed 123,000 Accounts

A sophisticated cyberattack last summer aimed at a computer linked to the Federal Retirement Thrift Investment Board's Thrift Savings Plan is believed to have exposed personal information about as many as 123,000 pension participants.

David Land, an IT security expert and former Cyber Counterintelligence Officer for the Oak Ridge National Laboratory and the U.S. Department of Energy, says the length and description of the attack point to something much more serious. Many of the federal employees and service members hit by the breach likely have security clearance to highly sensitive and classified data, Land says. "This intrusion has some very significant implications and potentially down the road ramifications," he says. "Were I to guess, this was likely a foreign-state-sponsored effort to gain intelligence and potential targeting information."

U of Nebraska Breach Affects 650,000

The University of Nebraska has reported a breach involving unauthorized access to a database containing information on more than 650,000 students and others. The hacked database stored personal information, including Social Security numbers, addresses, course grades and other details for students, alumni and applicants. Other information that may have been exposed includes certain personal and financial information for parents of students who applied for financial aid, as well as university employees.

N.J. Mayor Accused of Hacking Website

Mayor Felix Roque of West New York, N.J. has been charged, along with his son, with hacking into a website criticizing his administration and accessing information without permission. A complaint filed with the U.S. District Court of New Jersey states Roque and his son accessed e-mail accounts and proceeded to cancel the Internet domain account www.recallroque.com by accessing the website owner's account at web-hosting service Go Daddy.

Patient Info Compromised in Fraud Scheme

Phoebe Putney Memorial Hospital in Albany, Ga., is notifying patients of a fraud scheme involving a former hospital employee. The employee accessed patients' names, dates of birth and Social Security numbers between June 2010 and April 2012 with the intent to file fraudulent tax returns, according to a notice posted to the hospital's site.

No medical records were taken, the hospital said. Patients affected include those who were treated by Phoebe Home Health between July 2005 and April 2012; the number of affected individuals was not revealed. Privacy policies and staff procedures have been refined as a result of the incident. The notice doesn't say if any fraudulent tax returns were filed.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.