InfoSecBulletin Cybersecurity for mankind
Cybersecurity researcher Jeremiah Fowler found an unprotected database with 957,434 records belonging to an Ohio organization that assists people in obtaining certified medical marijuana cards. The database contained personal information, including PII, driver’s licenses, medical records, Social Security numbers, and other sensitive data.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The publicly exposed databases were not password-protected or encrypted and contained 957,434 records with a total size of 323 GB.
A limited review of exposed records revealed high-resolution images of driver’s licenses and identification documents showing names, addresses, dates of birth, and license numbers. The folders were labeled with patients’ names and included intake forms, medical records, release forms, physician certifications with Social Security numbers, mental health evaluations, and identification documents from various states. These documents reflected the patients’ diagnoses and their reasons for seeking medical marijuana prescriptions.
Internal files indicate that the records are from an Ohio-based company, Ohio Medical Alliance LLC (OMA), which operates under the brand “Ohio Marijuana Card.” This company is a telemedicine and in‑person provider that helps clients obtain physician‑certified medical marijuana cards. OMA facilitates evaluations for a wide range of qualifying health conditions through state‑licensed doctors.
After sending a responsible disclosure notice to OMA the database was restricted from public access the following day and no longer accessible.
OMA has assisted over 330,000 patients across the country in obtaining medical marijuana. They have clinics in Ohio, Arkansas, Kentucky, Louisiana, and Virginia.
CISA Adds Actively Exploited Trend Micro Apex One Vulnerability
