Isabel Woodford reports: Consumers have raised the alarm about a data breach — including users’ names — at Klarna, Europe’s largest private fintech. The company, which is reportedly in the throes of closing a deal valuing it at $40bn, came under fire on Thursday after users complained they were being accidentally logged in as other people, given…
Category: Business Sector
Colonial Pipeline Accused of Negligence in Proposed Class Action
Jake Holland reports: Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges. The company breached its duty to employ industry security standards, and that failure translated into system outages that harmed consumers by raising…
CEFCO Allegedly Victim of Data Theft
Jackson Lewis reports: Hackers have posted 42 gigabytes of data allegedly stolen from CEFCO Convenience Stores on a website known as Marketo. The website indicates the stolen data includes “agreements, financial data, account lists, budget reports, NDAs and other interesting documents,” according to the post attached to the file online. Read more on CSP.
A former DarkSide listing shows up on REvil’s leak site
On May 15, Chum1ng0 reported that German furniture retailer Möbelstadt Sommerlad had been hit by DarkSide threat actors. By then DarkSide’s leak site was down and it had not been possible to confirm whether DarkSide had ever listed the retailer as a victim or dumped any proof of claim, but given the time frame of…
One Employee’s Accidental Email Leads To A Significant Data Breach Ruling in Federal Appeals Court
Jeffrey Csercsevits of Fisher Phillips writes: A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no indication of misuse or external disclosure. In McMorris v. Carlos Lopez & Associates, LLC, the 2nd Circuit Court of…
After Colonial Pipeline Hack, U.S. to Require Operators to Report Cyberattacks
Rebecca Smith reports: The Transportation Security Administration intends to release the first of at least two security directives that would require pipeline operators to notify it when they are targets or victims of cyberattacks, according to senior officials at the Department of Homeland Security. The action, expected this week, also will require each company to…