Update: And this is why we said “allegedly” and “unconfirmed.” CCC responded to yesterday’s inquiry with the following reply: Credit Control Corporation is not currently the subject of any data breach or security incident referenced in your message. The original post appears below for context. A seller on a forum claims to have data on 9.1…
Author: Dissent
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
Rashmi Ramesh reports: A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The vulnerability in Microsoft 365 Copilot allowed attackers to extract sensitive data through a zero-click prompt injection attack, said researchers from Aim Security. Dubbed “EchoLeak” and tracked…
FTC Provides Guidance on Updated Safeguards Rule
Today, the FTC released Frequently Asked Questions that discuss the requirements of the Safeguards Rule, which was mandated by the Gramm-Leach-Bliley Act, and how it specifically applies to motor vehicle dealers. The FTC is committed to providing certainty to the marketplace and ensuring that it administers its regulations in a manner that minimizes burden to legitimate businesses. To…
Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
Hiring employees who work remotely can pose additional challenges for security and compliance with regulations. In March, Sentara Health disclosed an incident concern that resulted in the notification of 1,620 patients. They described the concern this way: In December, the Sentara Health’s Lab Services department hired an individual to process lab requisitions. Lab requisitions are…
Hackers Break Into Car Sharing App, 8.4 Million Users Affected
Bogdan Popa reports: Indian company Zoomcar, best known for its car-sharing model that allows customers to rent vehicles from individuals, has recently acknowledged a data breach that exposed the data of 8.4 million users. The NASDAQ-listed firm revealed the hack attack in an SEC 8-K filing, confirming that a threat actor managed to access its systems and…
Cyberattack pushes German napkin company into insolvency
It is not often that a ransomware attack or cyberattack is wholly responsible for a business failing. With each such claim that is investigated, we sometimes find that an entity was already in financial distress and the attack may just have been one stress too many. Maike Krebber reports: A cyberattack has potentially serious consequences…