Secret CISO 3/12: Seattle Library, 'Uber for Nurses' Breaches Affect 113K, PowerSchool, Allstate Face Lawsuits, Researchers Doubt Musk's Cyberattack Claims

Welcome to today's issue of Secret CISO, your daily dose of cyber security news. Today, we're diving into a series of data breaches and security compromises that have affected thousands of individuals and organizations worldwide.
First up, the Seattle Public Library suffered a ransomware attack that impacted nearly 27,000 people, including staff members whose Social Security numbers and healthcare details were compromised. In another incident, an 'Uber for nurses' platform exposed over 86,000 medical records and personally identifiable information (PII) in an open S3 bucket for months. The exposed data included scanned driver's licenses and Social Security cards of nurses.
Meanwhile, a report reveals that the majority of ransomware claims involved the compromise of perimeter security devices, highlighting the increasing abuse of security tools by hackers to gain access to systems during attacks. In the education sector, a Wisconsin district is suing ed tech giant PowerSchool following a massive data breach, alleging breach of contract. In legal news, Attorney General James is suing National General and Allstate over data breaches that exposed the data of 165,000 New Yorkers. The lawsuit accuses the companies of failing to protect consumer data and neglecting to notify affected individuals. In healthcare, a cyberattack on Sunflower Medical Group affected 221,000 patients, while a data breach at the Rivers Casino impacted patrons in Philadelphia and Pittsburgh. In the UK, a study reveals that over half of organizations experienced a security breach resulting from third-party access in the past year.
Finally, Bank of America is warning customers of a data breach following a document handling mishap, and vacationers can get up to $15,000 from a $45 million 'resort' data breach settlement. Stay tuned for more updates on these stories and other breaking cyber security news. Stay safe and secure!
Data Breaches
- Seattle Public Library Data Breach: A ransomware attack on the Seattle Public Library last year impacted nearly 27,000 individuals, including staff members whose Social Security numbers and health care information were compromised. The breach underscores the vulnerability of public institutions to cyber threats. Source: Seattle Times
- 'Uber for Nurses' Data Exposure: A platform dubbed 'Uber for nurses' exposed over 86,000 medical records and personally identifiable information (PII) in an open S3 bucket for several months. The exposed data included scanned driver's licenses, Social Security cards, and work schedule logs. Source: The Register
- PowerSchool Data Breach: A Wisconsin district has filed a lawsuit against ed tech giant PowerSchool following a massive data breach. The lawsuit alleges breach of contract and negligence, with potential for multiple class action lawsuits to be merged. Source: The 74
- Data Breaches at National General and Allstate: Attorney General James has filed a lawsuit against National General and Allstate over data breaches that exposed the data of numerous consumers. The companies are accused of failing to protect consumer data and neglecting to notify affected individuals. Source: Finger Lakes 1
- Bank of America Data Breach: Bank of America has warned some customers of a potential data breach following a document handling mishap by a third-party vendor. The bank has offered identity theft protection to affected customers as a precautionary measure. Source: Washington Times
Security Research
- Was it a cyberattack that led to global outage of X? Security researchers doubt Elon Musk's claims: Researchers suggest that the global outage of Elon Musk's X may have been due to the platform's own security flaws rather than a cyberattack. There is little evidence to support Musk's claims of a cyberattack. Source: Moneycontrol
- Microsoft's Patch Tuesday reports 6 flaws already under fire: Microsoft's recent Patch Tuesday revealed six critical flaws, including a CVSS 7.8 flaw in Office. Security researchers are still trying to understand the implications of these vulnerabilities. Source: The Register
- Believe the Hype About Quantum Security: Report: A report by IDC suggests that end users are often unaware of what is being protected by cryptography. The report emphasizes the importance of quantum security in protecting sensitive data. Source: TechNewsWorld
- Microsoft's March Patch Tuesday fixes 67 flaws, including 6 zero-days: Microsoft's latest Patch Tuesday addressed 67 vulnerabilities, including six zero-days. The vulnerabilities are believed to be under active attack, highlighting the importance of timely patching. Source: SC Media
- YouTubers Blackmailed Into Promoting Crypto Mining Malware: Kaspersky: Cybercriminals are evolving their tactics, as evidenced by a recent scheme in which YouTubers were blackmailed into promoting crypto mining malware. This highlights the need for increased vigilance and security measures. Source: Decrypt
Top CVEs
- CVE-2025-24043: A flaw in .NET's cryptographic signature verification allows an authorized attacker to execute code. This vulnerability is due to improper verification of the cryptographic signature. Source: CVE-2025-24043
- CVE-2025-24997: A null pointer dereference in Windows Kernel Memory can lead to denial of service by an authorized attacker. This vulnerability is due to improper handling of null pointers. Source: CVE-2025-24997
- CVE-2025-24201: An out-of-bounds write issue was addressed with improved checks in visionOS, iOS, iPadOS, macOS Sequoia, and Safari. Maliciously crafted web content may be able to break out of the Web Content sandbox. Source: CVE-2025-24201
- CVE-2025-26629: A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code. This vulnerability is due to improper handling of memory. Source: CVE-2025-26629
- CVE-2024-45324: A vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS. This vulnerability is due to the use of an externally-controlled format string. Source: CVE-2024-45324
API Security
- CVE-2025-2219 - LoveCards LoveCardsV2 Unrestricted Upload Vulnerability: A critical vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2, affecting the /api/upload/image file. The issue allows unrestricted upload due to the manipulation of the argument file, which can be initiated remotely. The vendor has not responded to this disclosure. Source: CVE-2025-2219
- CVE-2025-2233 - Samsung SmartThings Authentication Bypass Vulnerability: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. The flaw exists within the Hub Local API service, which lacks proper verification of a cryptographic signature. Source: CVE-2025-2233
- Rembg CORS Misconfiguration: Rembg, a tool for removing image backgrounds, has its CORS middleware set up incorrectly in versions 2.0.57 and earlier. This allows any website to send cross-site requests to the rembg server and query any API. Source: Rembg CORS Misconfiguration
- CVE-2025-28886 - xjb REST API TO MiniProgram CSRF Vulnerability: A Cross-Site Request Forgery (CSRF) vulnerability affects xjb REST API TO MiniProgram. Source: CVE-2025-28886
- CVE-2025-27602 - Umbraco's Web Backoffice API Access Control Issue: In versions prior to 10.8.9 and 13.7.1, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. Source: CVE-2025-27602
Final Words
That's it for today's edition of the Secret CISO newsletter. We've covered a range of stories, from the Seattle library ransomware attack affecting nearly 27,000 people to the 'Uber for nurses' exposing over 86,000 medical records. Remember, cybersecurity isn't just about protecting systems, it's about safeguarding the digital lives of people.
Share this newsletter with your friends and colleagues to keep them in the loop about the latest threats and security practices. Stay safe, stay informed, and see you in the next edition of Secret CISO.