Hackers Prey On Hospital ICU Restroom, Disrobe Members of Celeb-Nudie Site and Defraud Archdiocese Staff


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches.

New York Doc Planted Spy Cams in ICU Restroom to Catch Alleged Druggie Coworker

Jeffrey Gould, 32, is accused of hiding two cameras in a bathroom of Crouse Hospital in Syracuse.

The pair of “spy pens” were found in a unisex bathroom located in the facility’s intensive care unit. One camera was taped to the ridge of a trashcan and the other was on a toilet paper dispenser.

A defense attorney said Gould hid the cameras to catch a person who he says stole his GoPro camera and the prescription drug Adderall from a bag he had left in a conference room of the ICU.

Gould had the spy pens delivered overnight and set them up in the bathroom.

“Neither of the hidden cameras was ever pointed at the toilet, and no identifiable people can be seen in the videos until the cameras are discovered,” Syracuse.com reports. A news reporter viewed the images.

None of the footage showed anyone's private areas.

“Gould got the idea for the hidden cameras from his former work as a television investigative reporter, a job he'd held for three years before going to medical school,” according to Syracuse.com.

The doctor admitted what he had done.

Gould believed the thief was possibly a fellow co-worker and that he would catch him using his Adderall in the restroom.

"Gould said he realizes that this was a very stupid move on his part," a police report states. "He wanted (another detective) and I to know that he is not a pervert."

Hackers Punish Celeb Nudie Gawkers

A database was leaked from a forum dedicated to sharing pictures of undressed celebrities, inspired by those stolen from Apple's iCloud in "The Fappening" of 2014.

The bulletin board, which also includes a section titled "Photos of Our Wives," was built off PHP software, programs vulnerable to database hacks.

The information compromised includes usernames, IP addresses, email addresses and passwords, though passcodes were protected by bcrypt hashes.

A security researcher received the data from a contact who seemed to be involved in the trade of leaked information. One email address in the data dump contained a dot-gov suffix.

On April 12, the researcher, Troy Hunt, tweeted the forum was compromised.

He mocked those affected in another tweet that read, “Pro tip too - if you're gonna sign up to a forum like that, perhaps not use your .gov email address...”

Fake School Superintendent Tricks Employee into Releasing Teacher Tax Forms

An email configured to look as though it originated from Olympia School District Superintendent Dick Cvitanich’s work account was sent to one of his staffers. The message asked for a list of employee names, addresses, salary information and Social Security numbers.

At noon on April 12, the employee sent the outside entity the requested information. School officials learned about the fraudulent email, known as a phishing attack, later that afternoon, toward the end of business hours.

Between 5 p.m. and 7 p.m., school officials notified Olympia Police, the Internal Revenue Service, the Attorney General’s Office and the Federal Trade Commission. Officials then sent an email to all employees at about 7:15 p.m.

District employees who received a W-2 form for the calendar year Jan. 1, 2015, through Dec. 31, 2015, are affected by the data breach.

The attacker did not get a hold of students’ information. 

Payroll Hack and Tax Fraud Hits Denver Archdiocese Personnel

A data breach at the Catholic Archdiocese of Denver has put current and terminated employees, as well as their dependents, spouses and beneficiaries at risk of ID theft.

A third-party provider that manages the data reported someone had accessed the payroll system and looked at W-2 information for about 80 individuals last fall.

Names, addresses and Social Security numbers of about 18,000 people are in the impacted database.

All employees were notified last week, after a March spike in the number of personnel reporting tax fraud. The scammed victims were not thought to be affected by the earlier hack.  

The archdiocese suspects the late October 2015 incident involved more people than was originally believed, or that there was an additional breach.

So far, fewer than 50 individuals have reported someone filed a tax return in their name. "There could be some who didn't report back to us," Keith Parsons, chief financial officer of the archdiocese, said.