It looks like the threat actor known as ShinyHunters was active again. It also looks like there was some drama about a sale of databases that was supposed to be exclusive but wasn’t, and databases and links to databases getting dumped. What databases, you wonder? Well, BleepingComputer reports on the Animal Jam database, and there…
Category: Breach Incidents
PROOF POINTS: What happens when private student information leaks
Drawing upon the incredible work of Doug Levin and his K-12 Cybersecurity Resource Center, Jill Barshay of The Hechinger Report highlights some of Doug’s findings — findings the GAO relied heavily upon in their recent report. How you tabulate breaches can make a huge difference in the public’s — and Congress’s — understanding of the…
Patients need to be notified sooner of ransomware dumps
In the past year, we have seen a significant increase in the use of dedicated leak sites where ransomware threat actors post the names of victims and dump some of their data to pressure them to pay demanded ransom. In the U.S., HIPAA gives covered entities no more than 60 days from discovery of a…
Alibaba-Backed Bigbasket Suffers Major Data Loss in Cyberattack
Saritha Rai has more on the BigBasket breach reported this past week: Cyberattackers have stolen the personal details of million users of top Indian internet grocer Bigbasket, the latest e-commerce data breach to emerge as home-bound consumers flock online. Bigbasket co-founder and chief executive officer Hari Menon confirmed the attack, which was first reported by…
Luxottica has a lot more explaining to do
Update: My source was correct. On November 12, HHS added Luxottica’s report to their public breach tool. Luxottica reported, as a business associate, that 829,454 patients were impacted by the August breach. In September, we learned that the eyewear giant Luxottica had suffered a massive ransomware attack that resulted in its suspending operations in both…
Almost 11 million patients impacted by Blackbaud incident — and still counting
Earlier this week, Marianne Kolbasuk McGee had a follow-up piece on the Blackbaud ransomware incident. As part of her update, she reported that Blackbaud would not provide answers when asked about the number or names of clients involved in the incident who had patient data or medical information of donors involved. McGee notes: A snapshot…