Although it has been out of the news cycle in the U.S., counsel for suspected ShinyHunters member Sebastien Raoult continues to urge France to seek his client’s extradition to France from Morocco. Raoult has been sitting in a Moroccan jail since May 31 when he was picked up on a red notice from Interpol at…
Category: Breach Incidents
CSI Laboratories reports a second big breach this year
Georgia-based Cytometry Specialists d/b/a CSI Laboratories (“CSI”) has reported a second big breach this year. In a press release issued this week, CSI reports that they discovered on July 8 that they had been the victim of a phishing attack that compromised an employee’s email account. The incident was reported to HHS on September 26…
Revenge telecom hacking by DESORDEN Group; third attack threatened
DESORDEN Group has added a new transparency demand to their attacks against Malaysian entities: victims must disclose the breach publicly if they have not paid the attackers. If the victim doesn’t disclose and Malaysian media does not report the incident, Malaysia should expect more breaches. The added demands arose after DESORDEN claimed they spent hours…
WA: Columbia River Mental Health Services discloses long-running breach
Columbia River Mental Health Services in Vancouver, Washington has issued a press release about a breach that went undetected for approximately one year. From their press release: Columbia River Mental Health Services (“CRMHS”) recently became aware of suspicious activity related to certain CRMHS email accounts. CRMHS immediately launched an investigation, with the assistance of third-party…
“CISA wasted our time, we waste CISA reputation” — Vice Society
Over the Labor Day weekend, the Los Angeles Unified School District (LAUSD) experienced a ransomware attack. Although their initial disclosure did not name the ransomware group involved, CISA issued an alert on September 6 about Vice Society attacking the education sector. Two days later, Vice Society acknowledged responsibility for the attack on LAUSD. LAUSD decided…
Why won’t they tell you that your data were leaked? Why doesn’t the government make them tell you?
For the past few years, DataBreaches has called out victims of cyberattacks who do not fully disclose how bad a breach was. Weasel words such as something “may have” happened when a victim knows damned well that it wasn’t just “may have” but did happen are just one example. Another example involves victims who claim…