The Hacker News reports: Cloud computing and analytics company Snowflake said a “limited number” of its customers have been singled out as part of a targeted campaign. “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” the company said in a joint statement along with CrowdStrike and…
Category: Business Sector
Snowflake data breach claims spark war of words over culpability; researchers may have been trolled
Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snowflake CISO Brad Jones pushed back on claims that major data breaches involving Ticketmaster and Santander were caused by a vulnerability or misconfiguration in Snowflake’s platform. […] Cyber crime intelligence…
WD & Associates had a breach in February 2023. Individuals still haven’t been notified.
From a summary of Rhode Island’s data breach notification law, as summarized by PerkinsCoie: Notification Obligation. Any Entity to which the statute applies shall provide notification of (i) any disclosure of PI or (ii) any breach of the security of the system, that poses a significant risk of identity theft to any resident of RI whose unencrypted PI…
Hacked? Ticketmaster’s terrible, horrible, no good, very bad week just got worse
On May 23, the U.S. Department of Justice, joined by 29 state attorneys general and the District of Columbia, sued Live Nation Entertainment and its wholly-owned subsidiary, Ticketmaster, for violating the Sherman Antitrust Act. In his prepared remarks, Attorney General Garland said In recent years, Live Nation-Ticketmaster’s exorbitant fees and technological failures have been criticized…
Optus fails to keep report into cyber attack out of class action
It has not happened often, but now another court has held that a breached entity cannot protect an investigation into a breach by declaring it legally privileged. Naomi Neilson reports: The Australian Federal Court has ruled that Optus will not be able to keep a report it commissioned from professional services firm Deloitte regarding its…
Sg: Software firm fined $74k for data breach caused by weak password; half a million users affected
Ang Qing reports from Singapore: A company running online language lessons for children around the world used a password based on its website name, LingoAce, making it vulnerable to the data breach that resulted. More than half a million users were affected. Among personal data compromised were the cellphone numbers, bank account numbers, signatures and…