It is not unheard of for ransomware groups to publicly misidentify their victims. We saw such errors from the outset of groups publicly naming and shaming victims and leaking data. DataBreaches reported on a few such cases involving Maze and has reported on other misidentifications in other groups since then. DataBreaches has occasionally contacted threat…
Author: Dissent
Signal says third-party data breach exposed 1,900 phone numbers
J. Fingas reports: Signal’s reputation for secure messaging doesn’t make it completely invulnerable to hacking incidents. The company has confirmed that a data breach at verification partner Twillio exposed the phone numbers and SMS codes of roughly 1,900 users. As TechCrunch observed, the intruder could have either used the information to either identify Signal users or re-register their numbers to other…
Exclusive: Has France thrown a French national to U.S. prosecutorial wolves? Pourquoi?
On May 31, with the cooperation of Moroccan authorities, the U.S. secured the detention of Sebastien Raoult. Raoult is a 21-year-old French national who had been vacationing in Morocco and was about to take a flight to Belgium. The U.S. alleges Raoult is a member of ShinyHunters. While the U.S.’s interest in securing his arrest…
Cyberattack on the Presidency of Moldova compromised servers
Daniel Hacina reports: The e-mail server of the Presidency of Moldova has been compromised. The institution announces that the cyber attack occurred on August 10. As the officials claim, the competent institutions are investigating the case. How long the institution’s e-mail did not work is not specified for now. Read more at Moldova Live. via…
Lee County Emergency Medical Services notifies past customers of third-party security breach
Cape Coral Breeze reports: Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer data breach related to a previous third-party vendor responsible for ambulance billing services. Lee County EMS conducted business with a company called Intermedix Corporation for nearly 15 years, ending its vendor contract in September 2014….
NYDFS Proposed Amendments to Its Cybersecurity Rules
Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…