There’s an update to a breach reported on DataBreaches that involved both a business associate (Cotiviti) and insider wrong-doing by an employee of a subcontractor of the business associate (Visionary). Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach. The settlement benefits consumers…
Author: Dissent
BlackByte ransomware gang is back with new extortion tactics
Lawrence Abrams reports: The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. Read more at…
WestJet app data breach reveals other people’s personal information
Stephen Hunt reports: WestJet says it’s investigating a technical glitch on its app that allowed users to see other people’s profiles. CTV News first learned of the issue Wednesday afternoon from a viewer and a Twitter post that indicated that once you logged on to the airline’s app, you could see the personal information of…
Brazilian police launch investigation targeting Lapsus$ group
Andrea Peterson reports: Brazil’s Federal Police carried out eight search and seizure warrants Tuesday as part of an investigation into attacks claimed by the Lapsus$ Group that disrupted the country’s Ministry of Health last December, the agency announced in a press release. Police did not specifically name Lapsus$ Group in the announcement. However, the details described…
TX: Methodist McKinny Hospital beat Karakurt to the punch by revealing attack quickly
Yesterday, Karakurt threat actors added the Methodist McKinny Hospital in Texas to their dark web leak site. They listed the hospital as a “pre-release,” which is their way of putting pressure on a victim — or trying to put pressure on a victim — to pay so their data is not leaked or auctioned off….
New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
By Hunton Andrews Kurth’s Privacy and Cybersecurity On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023. The New York State…