Sergiu Gatlan reports: CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. […] “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said…
Author: Dissent
UK: ICO fines transgender charity for data protection breach exposing sensitive personal data
Bigger companies may pay bigger fines, but smaller fines do not mean smaller impact when it comes to dealing with sensitive information, as in this case. The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. The ICO’s investigation began after it received a…
Morgan Stanley reports data breach after vendor Accellion hack
People are first finding out NOW? Look at this timeline, provided by Sergiu Gatlan in his reporting on BleepingComputer: Guidehouse notified Morgan Stanley in May 2021. Guidehouse had been breached in January through the Accellion vulnerability. Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May. Why didn’t Guidehouse discover the…
‘Shut down everything:’ Global Kaseya ransomware attack takes a small Maryland town offline
Chris Velazco and Rachel Lerman report: It was just after 12:30 p.m. on the Friday before the Fourth of July holiday when a warning popped up on Laschelle McKay’s computer screen. McKay, the town administrator for Leonardtown, Md., didn’t even have time to read the whole message before it disappeared and her computer froze. “Everything…
Bug bounties: Here’s how much Microsoft paid out to security researchers last year
Liam Tung reports: Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs. The awards were issued between July 1, 2020 and June 30, 2021 and is slightly less than what it paid out in 2019. That year, Microsoft tripled the awards…
UK: Years in jail for Cambridgeshire computer hacker who blackmailed victims
itv reports: A computer hacker from Linton in Cambridgeshire has been sentenced to two and a half years in prison after a number of blackmail and computer offences. Police described 20-year-old Alexander Marsh as ‘manipulative’ after he was caught harvesting personal information, including intimate images from people in Suffolk. Marsh first came to the attention…