On February 16, BlackCat added loanDepot to their dark web leak site, but without any data as proof. At the time, they claimed that LoanDepot had shown up in the negotiation chat, and had offered $6 million for the data and a decryptor, but allegedly claimed they could offer more after the weekend. But after…
Category: Breach Incidents
Zalkin law firm settles suit by clients whose sex abuse details were hacked by BlackCat
The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained access to the firm’s system and exfiltrated 523 clients’ personal information, including sexual abuse details. On their dark web leak site, the threat actors claimed to have exfiltrated 415.63 GB of sexual harassment…
Grace Lutheran Communities attacked by BlackCat; employee and resident data acquired
Grace Lutheran Foundation, which does business as Grace Lutheran Communities in Wisconsin, offers a variety of services including rehabilitation services, assisted living, skilled nursing, independent living, adult day services, and childcare. On February 9, they posted a notice about a data breach they discovered on January 22, 2024. They emphasized that there was no indication…
Update to the Tic Hosting Solutions data incident
On April 30, 2023, DataBreaches reported an alleged data breach involving TorchByte (formerly known as Tic Hosting Solutions). At the time, DataBreaches had been unable to reach the firm, and the Romanian data protection authority informed DataBreaches that they had received no report from them of any breach. But the screenshots provided to this site…
Updating: Prince George’s County Public Schools breach affected almost 100,000
In August 2023, Prince George’s County Public Schools disclosed a cyberattack. At the time, they reported that “an estimated 4,500 user accounts out of 180,000 were impacted, primarily staff accounts. The school system is still assessing the full scope of this incident, but as of this time, the main business and student information systems –…
Update on INTEGRIS Health data breach: incident response criticized by patients
In December, INTEGRIS Health disclosed a cyberattack in November in which threat actors contacted patients directly to extort them when INTEGRIS wouldn’t pay their demands. DataBreaches subsequently reported additional details. On February 6, INTEGRIS updated its breach notice. The updated website notice incorporates the kind of language that advocates for transparency and data protection may…