Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
The threat actor known as 0mid16B contacted DataBreaches this morning to alert this site to a breach involving a U.K. photo business, DEphoto (DEphoto[.]biz). DEphoto is an established business for school, sports, club, and event photography. According to 0mid16B, they attacked DEphoto on December 25, and acquired the personal information of 555,952 customers, 429,597 orders…
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….
Ryan Knappenberger reports: The U.S. Department of the Treasury said on Monday that Chinese-backed hackers had breached its workstations and gained access to unclassified documents earlier this month in what it described as a “major cybersecurity incident.” The announcement comes just over a month after the Senate Intelligence Committee revealed recent Chinese hacks into the…
December 23, Newark, N.J. – A citizen and resident of Brazil was charged with making extortionate threats to publicize data stolen from the Brazilian subsidiary of a New Jersey company, U.S. Attorney Philip R. Sellinger announced. Junior Barros De Oliveira, 29, of Curitiba, Brazil was charged with four counts of extortionate threats involving information obtained…
Bill Toulas reports: The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. The cybercriminals announced that they are contacting those companies directly to provide links to a secure chat channel for conducting ransom payment negotiations….