Zak Wheeler reports: Hackers have cracked a popular mortgage lender’s servers and gained access to the personal information of its clients. Firstmac, an Australian non-bank mortgage lender, sent out a round of emails to customers this week alerting them to the fact that their data may have been breached. Information accessed by hackers included bank accounts, passport…
Category: Hack
Dell notifies customers of breach; seller “Menelik” is ShinyHunters (2)
On April 28, a new forum user on BreachForums called “Menelik” claimed to have 49 million Dell Technologies customer records for sale. The Daily Dark Web provided a screencap and details from the listing. The customer data purportedly includes data between 2017 and 2024, with “full names, addresses, cities, provinces, postal codes, countries, unique 7-digit…
UK opens investigation of MoD payroll contractor after confirming attack
Connor Jones reports: UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to “malign” forces accessing data on current and a limited number of former armed forces personnel. There is no evidence to suggest that the criminals who broke into the systems actually removed any data,…
One year on, University System of Georgia admits MOVEit attack hit data of 800k people
Connor Jones reports: Just short of a year after the initial incident, the state of Georgia’s higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people. University System of Georgia (USG), which oversees 26 higher education institutions in the state, filed a disclosure with…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
Years later, Marriott admits data were not encrypted before its 2018 data breach. Now what?
What might happen to a company that has been making false claims about its system security for more than five years after experiencing a massive data breach? Will state attorneys general, the SEC, and the FTC investigate and possibly penalize them for a significant misrepresentation to consumers and regulators? CSO Online has a significant update…