Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security…
Category: Business Sector
Hundreds of Jewish creatives have names, details taken in leak, published online
Chip Le Grand reports: Anti-Zionist activists have published the names, images, professions and social media accounts of hundreds of Jewish people working in academia and creative industries, in an escalation of social tensions over the October 7 attacks and subsequent war in Gaza. The dissemination of almost 600 names and their personal details was taken…
Verizon insider data breach affects over 63,000 employees
Bleeping Computer reports that Verizon has notified the Maine Attorney General’s Office of an insider data breach affecting 63,206 employees. According to their sample notice of what was sent to those affected, an employee gained unauthorized access to employee data on September 21, 2023, although Verizon didn’t discover the problem until December. The types of…
Two hosting companies in Romania had what appear to be unrelated breaches. Did either one ever issue a public notice? (2)
In April 2023, DataBreaches reported on an alleged incident involving TIC Hosting in Romania. No one from TIC Hosting ever responded to inquiries from this site, and inquiries to the data protection regulator for the country indicated that TIC Hosting had never reported any data protection incident to them. And that seemed to be the…
Cloudflare hacked using auth tokens stolen in Okta attack
Sergiu Gatlan reports: Cloudflare disclosed today that its internal Atlassian server was breached by a suspected ‘nation state attacker’ who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare’s self-hosted Atlassian server on November 14 and then accessed the company’s Confluence and Jira…
FTC Order Will Require Blackbaud to Delete Unnecessary Data, Boost Safeguards to Settle Charges its Lax Security Practices Led to Data Breach
FTC says company’s poor security allowed hacker to steal sensitive data of millions of consumers, go undetected for months South Carolina-based Blackbaud Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the Federal Trade Commission over charges that the company’s lax security allowed a…