DESORDEN Group has added a new transparency demand to their attacks against Malaysian entities: victims must disclose the breach publicly if they have not paid the attackers. If the victim doesn’t disclose and Malaysian media does not report the incident, Malaysia should expect more breaches. The added demands arose after DESORDEN claimed they spent hours…
Category: Breach Incidents
WA: Columbia River Mental Health Services discloses long-running breach
Columbia River Mental Health Services in Vancouver, Washington has issued a press release about a breach that went undetected for approximately one year. From their press release: Columbia River Mental Health Services (“CRMHS”) recently became aware of suspicious activity related to certain CRMHS email accounts. CRMHS immediately launched an investigation, with the assistance of third-party…
“CISA wasted our time, we waste CISA reputation” — Vice Society
Over the Labor Day weekend, the Los Angeles Unified School District (LAUSD) experienced a ransomware attack. Although their initial disclosure did not name the ransomware group involved, CISA issued an alert on September 6 about Vice Society attacking the education sector. Two days later, Vice Society acknowledged responsibility for the attack on LAUSD. LAUSD decided…
Why won’t they tell you that your data were leaked? Why doesn’t the government make them tell you?
For the past few years, DataBreaches has called out victims of cyberattacks who do not fully disclose how bad a breach was. Weasel words such as something “may have” happened when a victim knows damned well that it wasn’t just “may have” but did happen are just one example. Another example involves victims who claim…
Thailand’s THE ICON GROUP hacked by DESORDEN
DESORDEN Group’s attacks on ASEAN businesses continue. This week, they disclosed a hack of The Icon Group in Thailand. In a statement on a popular hacking forum, DESORDEN writes: This data breach involved 161 GB of databases and files, including personal information of 264,128 customers, with their full name, ID card number, bank account…
Robinhood data breach class action settlement
Top Class Actions reports that the Robinhood investment platform has agreed to settle litigation stemming from an incident in 2020 that resulted in some customers having their accounts taken over. According to a data breach class action lawsuit, Robinhood failed to respond adequately to the data breach. Because the company had no phone number listed…