There’s an interesting monetary penalty notice involving a UK law firm stemming from a ransomware attack in 2020 and the ICO’s investigation of their data protection and security. The Information Commissioner announced today that it has issued Tuckers Solicitors a monetary penalty under section 155 of the Data Protection Act 2018 (“the DPA”). The penalty…
Category: Business Sector
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas
There’s an update to a case previously noted in November. From the DOJ today: A man charged with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, made his initial appearance and was arraigned today in the Northern District of Texas. According to an August 2021 indictment, Yaroslav Vasinskyi, 22, accessed…
Herff Jones settles data breach law suit for $4.35 million
There’s an update to the Herff Jones data breach previously noted on this site. According to TopClassActions: Herff Jones will pay $4.35 million to resolve claims it failed to protect its customers during a 2021 data breach. The settlement benefits individuals whose payment card information was exposed during the Herff Jones data breach. Included consumers…
Nespresso data leak in South Africa
Jan Vermeulen reports: South African Nespresso distributor Top Coffee has sent a notice to clients informing them that their names, phone numbers, and email addresses may have been leaked. According to the notice, the personal information may have been temporarily exposed through a third-party supplier. The distributor doesn’t believe that any customer financial information was…
Adafruit discloses data leak from ex-employee’s GitHub repo
Ax Sharma reports: Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics…
Malware now using stolen NVIDIA code signing certificates
Lawrence Abrams reports: Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. […] After Lapsus$ leaked NVIDIA’s code-signing certificates, security researchers quickly found that the certificates were being used to sign malware and other tools used by threat actors. According to samples…