A hack and extortion attempt involving the psychotherapy center in Vastaamo, Finland was — and remains — one of the worst breaches ever covered on PogoWasRight.org and DataBreaches.net because it involved the sensitive mental health information of tens of thousands of patients and a coverup by an executive of the clinic. Now EDPB has posted…
Author: Dissent
NZ: Vodafone accidentally sent a customer personal details of 18 other accounts
Some incidents that would seem “smallish” here make headlines elsewhere. But that’s actually helpful, as it reminds us all that avoidable human errors continue to occur and that even big corporations who should have lots of money to dedicate to data security and protection still fail to avoid all breaches. Melanie Carroll reports: A customer…
Russian national named in $82M hacking scheme denied bail
AP reports: A Russian millionaire who U.S. authorities allege participated in a scheme to steal information on computer networks and use it for insider trading, illegally bringing in tens of millions of dollars, was denied bail Wednesday. Vladislav Klyushin, 41, who works for an information technology company with ties to the upper levels of the…
Have I Been Pwned warns of DatPiff data breach impacting millions
Bill Toulas reports: The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to download or upload…
New York Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers
NEW YORK – New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies. Attorney General James released a “Business Guide for Credential Stuffing Attacks” that details the attacks — which involve repeated, automated attempts to access online…
FTC warns companies to remediate Log4j security vulnerability
Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is…