Commentaries and Analyses – Page 100

Recent NYS audits of K-12 school districts’ infosecurity

Posted on July 27, 2023 by Dissent

A toot by Doug Levin yesterday reminded me that I haven’t posted NYS Comptroller audits of school districts in a while. So here are three to get caught up: Jericho Union Free School District – Acceptable Use Policy (2022M-194) Issued Date: July 21, 2023 Audit Objective Determine whether Jericho Union Free School District (District) officials…

North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say

Posted on July 26, 2023 by Dissent

Zack Whittaker reports: Security researchers say they have high confidence that North Korean hackers were behind a recent intrusion at enterprise software company JumpCloud because of a mistake the hackers made. Mandiant, which is assisting one of JumpCloud’s affected customers, attributed the breach to hackers working for North Korea’s Reconnaissance General Bureau, or RGB, a hacking unit…

IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs

Posted on July 25, 2023 by Dissent

From IBM: IBM Security today released its annual Cost of a Data Breach Report,1 showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years. Detection and escalation costs jumped 42% over this same time frame, representing the highest…

Umbreon Unplugged: Unraveling the Sequel to Failures

Posted on July 24, 2023June 6, 2025 by Dissent

On June 23, DataBreaches published the first of a series of interviews with Pepijn Van der S. aka “Umbreon.” Umbreon, 21, was arrested in January and remains in detention, awaiting trial on charges that include hacking, data exfiltration, extortion, sale of stolen data, and money laundering. At the end of the first article, DataBreaches invited…

Pointed to a phishing campaign targeting the healthcare sector, Microsoft leaps into action to … not even investigate?!

Posted on July 24, 2023 by Dissent

The relaxing Sunday I was looking forward to did not quite work out as planned. Dutch researcher and all-around good-guy Jelle Ursem (aka @SchizoDuckie) got in touch with me about what appeared to him to be a sketchy site allegedly by a well-known prescription management entity. After a few minutes of checking, there was no…

1st Circuit confirms standing for data breach victims

Posted on July 22, 2023 by Dissent

Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…