Lawrence Abrams reports that multiple sources inform them that the outages at UK retail giant Marks & Spencer are the result of a ransomware attack by the group known as “Scattered Spider.” Last Tuesday, M&S confirmed it suffered a cyberattack that caused widespread disruption, including to its contactless payment system and online ordering. Today, Sky News reported that the disruption continues,…
EFF Leads Prominent Security Experts in Urging Trump Administration to Leave Chris Krebs Alone
DataBreaches has signed the letter, too, and encourages others to sign it. The administration’s attempts to censor honest reporting just because it disagrees with their political agenda and revenge campaign must stop. April 28 – SAN FRANCISCO – The Trump Administration must cease its politically motivated investigation of former U.S. Cybersecurity and Infrastructure Security Agency…
Russian-linked hackers appear to have launched a crippling cyberattack on Western New Mexico University
Joshua Bowling reports: For nearly two weeks, Western New Mexico University’s website and digital systems have been held hostage by what officials in internal emails have called the efforts of a “foreign hacking group.” The university has not publicly addressed the severity of the attack, but documentation obtained by Searchlight New Mexico indicates that an…
SK Telecom vows to take full responsibility for damage from recent data leak
Oh Seok-min reports on how SK Telecom is attempting to reassure panicked customers following a significant data breach: SK Telecom Co., South Korea’s leading mobile carrier, vowed Sunday to take full responsibility for any damage to customers caused by a recent network hacking incident involving the potential leak of subscriber information. Earlier this month, the…
North Dakota Expands Data Security Requirements and Issues New Licensing Requirements for Brokers
A.J. S. Dhaliwal, Mehul N. Madia, and Beineng Zhang of SheppardMullin write: On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates a new data security mandate for financial corporations—a category that includes non-depository entities regulated…
Oregon DEQ won’t say if ransomware group took employee data in cyberattack
Gosia Wozniacka of Oregon Live reports: The Oregon Department of Environmental Quality on Friday declined to confirm or deny reports that a well-known ransomware group stole employee files in a recent cyberattack at the agency. The department faced questions after several cybersecurity websites reported that ransomware group Rhysida is behind the cyberattack at the DEQ…