Matt Kapko reports: A ransomware attack against San Francisco’s Bay Area Rapid Transit exposed highly sensitive and personal data after a threat group leaked the records Friday. The nation’s fifth-largest transit system by ridership, and largest in California, remains operational. Vice Society, a prolific ransomware group, claimed responsibility for the attack on Friday when it…
Category: Business Sector
Guardian confirms it was hit by ransomware attack
Dan Milmo reports: The Guardian has confirmed it was hit by a ransomware attack in December and that the personal data of UK staff members has been accessed in the incident. The Guardian Media Group’s chief executive, Anna Bateson, and the Guardian’s editor-in-chief, Katharine Viner, confirmed the news in an update emailed to staff on…
Update about an alleged incident regarding Twitter user data being sold online
From Twitter, today: …. In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems. We also want to share an update about an incident that took place earlier this year,…
Captify’s Your Patient Advisor advises more than 244,000 consumers of payment card breach
Your Patient Advisor by Captify started notifying people in mid-December of a security breach that occurred in 2019 and continued for years. Captify Health (“Your Patient Advisor”) is an online retailer of colonoscopy preparation kits. In March of 2021, they were contacted about the fraudulent use of consumer credit cards potentially related to their payment…
Identity Thieves Bypassed Experian Security to View Credit Reports
Brian Krebs reports: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s…
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were…