Uh oh. Brian Krebs reports: In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts…
Category: Business Sector
FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the…
Pizza Hut Australia customer data hacked; ShinyHunters claims to have more than 1 million customers’ information
This has not been a great year for Australian citizens whose personal information has been compromised in a number of cyberattacks. Although DataBreaches regrets being the bearer of more bad news for them, more than one million customers of Pizza Hut Australia appear to have had their data acquired by ShinyHunters. According to “Shiny” (@shinycorp),…
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to address vulnerabilities that left the personal information of customers exposed: A company that makes a chastity device for people with a penis that can be controlled by a partner over the…
At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
In December 2019, Sophos published an analysis of Snatch ransomware. In June 2020, DFIR Report provided a case study, and in July 2020, LIFARS wrote an article about Snatch ransomware having been detected in attacks in June. Since then, the Snatch leak site has continued to add victims and the media (including DataBreaches) has continued to…
Za: Enforcement Notice Issued To Dis-Chem For Violating POPIA
Gugu Lourie reports: On the 31st of August 2023, the Information Regulator took action by issuing an Enforcement Notice against Dis-Chem, due to their non-compliance with several provisions of the Protection of Personal Information Act (POPIA). In the timeline of events, it was revealed that during the months of April and May in 2022, a…