The Office of Inadequate Security
If you say you always do right, then you should do right, right? Ouch. Over on infosec.exchange, @Jayeltee recently wrote: Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and…
On October 26, FREE S.A.S., a major ISP in France, confirmed that it had been hacked after a threat actor calling himself “drussellx” listed customer data up for auction on a popular hacking forum. Drussellx claimed to have acquired the information of 19.2 million subscribers on October 17, 2024. The breach “affects all FREE Mobile and…
Margi Murphy and Brian Platt report: Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., according to people familiar with the matter. Following a request from the US, Alexander “Connor” Moucka was taken into custody on a provisional arrest warrant on…
In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media reports indicate that the breach reportedly affected almost 109,000 patients, but the breach was reported…
Bill Toulas reports: The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. The seizure and arrests were conducted as part of “Operation PowerOFF,” an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka “booters” or “stressers,” to…
Following up on a settlement yesterday that was HHS’s first enforcement action under OCR’s Risk Analysis Initiative, HHS OCR today released a security risk assessment tool. Here is their statement about it: Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) are…