Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
ISIS urged supporters online to attack the named troops and other government employees.
According to a complaint filed in the Eastern District of Virginia, Ardit Ferizi, a citizen of Kosovo, in June hacked into a server used by an unnamed U.S. online retail company.
Later in the summer, he sent the details of about 1,351 military and other government personnel to the Islamic State, “knowing that ISIL would use the [data] against the U.S. personnel, including to target the U.S. personnel for attacks and violence,” said the complaint, signed by FBI Special Agent Kevin M. Gallagher.
Ferizi allegedly passed the data to Islamic State member Junaid Hussain, a British citizen who in August posted links on Twitter to the names, email addresses, passwords, locations and phone numbers of 1,351 U.S. military and other government personnel.
Later in August, Hussain was killed in a drone strike.
It is unclear if a newly disclosed episode of alleged Russian espionage is related to a previous lower-grade hack into subscriber contact information announced a week ago.
This time, the hacker group apparently stole information from Dow Jones servers to trade on the data before it became public.
The FBI, Secret Service and Securities and Exchange Commission began an investigation into the matter at least a year ago.
A prolific Islamist hacker condemned the online blog, which features posts and images involving graduate students having sex.
"But despite its name, Adult Mag isn’t a porno site so much as it’s a sort of literary salon hosted in the back room of an American Apparel," Gawker reports.
The website had been vandalized for nearly a week, as of Oct. 15.
The state Department of Health and Human Services says an agency employee "inadvertently sent an email to the Granville County Health Department without first encrypting it."
The email contained a spreadsheet with each patient's first and last name, Medicaid identification number, provider name and provider ID number, and other information related to Medicaid services. The data also included two Social Security numbers, belonging to patients who use them as Medicaid ID numbers.
The agency mailed out notification letters to affected patients Oct. 16. The security lapse happened Aug. 19.