On October 15, Gemini Advisory reported that the Joker’s Stash dark web marketplace had uploaded its then-latest breach, titled “BLAZINGSUN.” Gemini Advisory determined that the compromised point of purchase (CPP) was Dickey’s Barbecue Pit, a US-based restaurant franchise. Gemini reported on their findings here, and in their annual write-up, they reported that while Joker’s Stash…
Category: Breach Incidents
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
With profound apologies to Catalin Cimpanu for previously posting a plagiarized copy of his reporting, here is his report: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The…
Apex Laboratory confirms ransomware attack; only recently discovered data theft
DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15. As proof of claims, the threat actors uploaded approximately 10,000 files containing protected health information of patients (PHI) and personally identifiable information of employees (PII). The 10,000 estimate is…
Wishing You a Happy, Healthy, and Safe New Year
Wishing all our readers a happy, healthy, and safe new year in 2021.
ROMWE’s press release reflects an abundance of …. something, but not caution.
This week, I drafted a commentary mocking ROMWE for claiming that they were notifying their consumers about a breach out of “an abundance of caution.” Then I decided to try to be nice, and I trashed it. Yesterday, Marco de Felice wrote a piece about the breach that shows that it was even worse than…
As 2020 draws to a close, it still takes too long to detect and notify patients of most breaches
The press release below the separator includes the kind of timeline that we often see in breach disclosures where an employee’s email account has been hacked. It continues to take many entities too long, in this blogger’s opinion, to detect breaches of their systems, then determine that PHI was involved, and then notify. In this…