Wycliffe Musalia reports that Kenya’s Naivas supermarket chain in Kenya has been the victim of a ransomware incident, but the chain assures customers that certain customer data such as payment card data was never at risk because it is not stored on their system. From the news report, it sounds like the company notified law…
Category: Breach Incidents
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we noted six entities that have disclosed the breach. Five of them are listed on Clop’s leak site with their…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far. (3)
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we note entities that have already disclosed the breach. In Part 2, we will note those entities that do not…
Bits ‘n Pieces (Trozos y Piezas)
Cementos Bío-Bío S.A attacked by BlackByte Cementos Bio-Bio S.A, a Chilean cement company, was added to BlackBye’s leaks site on April 9. DataBreaches found no notice of any incident on the main cbb.cl website, but the cbbexpress.cl customer portal had a notice about interruptions: “At this time we are having intermittencies with our services. If…
LockBit ransomware gang appears to be targeting Macs for the first time
Michael Potuck reports: Over the last several years, LockBit has become one of the most powerful ransomware gangs. While it has focused on Windows, Linux, and virtual host machines, it looks like the group has developed its first ransomware for Macs. Discovered by MalwareHunterTeam (via Brett Callow), what seems to be the first ransomware build designed for macOS has surfaced…
A short-lived BlackCat listing suggests NCR’s customers’ networks were accessed
It’s been more than a decade since DataBreaches covered any significant data breach involving the Aloha POS system, and back then it was owned by Radiant Systems. In 2011, NCR Corporation bought Aloha POS. Things were fairly quiet since then, if you don’t count NCR’s response to a zero day RCE vulnerability that NCR somewhat…