Sergiu Gatlan reports: CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. […] “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said…
Category: Business Sector
Sg: Spooked by website hacking, ad firm beefs up security, stops using default passwords
Kenny Chee reports: A simple, default password shared by employees was possibly the weak link that allowed hackers to break into advertising and creative agency Splash Productions‘ website and deface it. The incident, which happened about five to six years ago, was a wake-up call that spurred the company to drastically improve its cyber security…
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole
Gareth Corfield reports on what sounds like a legal Hail Mary play: A barristers’ chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share stolen data. 4 New Square chambers, which counts IT dispute experts among its ranks, obtained a privacy injunction from the High Court…
Marsh McLennan reveals April data breach involving third-party software
Gavin Souter reports: Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage. The company sent a breach notification dated June 30, which was obtained by Business Insurance, stating…
British Airways settles with 2018 data breach victims
Reuters reports: British Airways has settled a case brought by customers and staff affected by a massive 2018 data breach that led to personal information being leaked, the court-appointed lead solicitors in the case said on Tuesday. Law firm PGMBM said those affected by the data leak would receive a confidential settlement following mediation with…
Some Kaseya victims privately negotiating with REvil
While the headlines blare about REvil offering to decrypt all victims of the Kaseya attack if they are paid $70 million, some companies have apparently already taken to individual negotiations with the threat actors. Over on SuspectFile, Marco A. De Felice is careful not to name the victim, but describes one such set of negotiatons…