Updated May 3: Avos Locker subsequently added the university to its leak site with a message: “1.2 TB data from a college with cyber insurance policy that doesn’t care about protecting students. Management is a circus attempting to identify breach (good luck) and lying to students and media about the severity. We’ll continue attacking for…
Category: Commentaries and Analyses
The Untold Story of the Boldest Supply-Chain Hack Ever
Kim Zetter has a fascinating piece on the run-up to the SolarWinds attack. Here’s a snippet: In fact, the Justice Department and Volexity had stumbled onto one of the most sophisticated cyberespionage campaigns of the decade. The perpetrators had indeed hacked SolarWinds’ software. Using techniques that investigators had never seen before, the hackers gained access…
HC3: Sector Alert Report: New Data Breaches from Cl0p and Lockbit Ransomware Groups
April 28, 2023: New Data Breaches from Cl0p and Lockbit Ransomware Groups. Executive Summary: Ransomware-as-a-service (RaaS) groups Cl0p and Lockbit recently conducted several distinct attacks, exploiting three known vulnerabilities (CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669). The Cybersecurity and Infrastructure Security Agency (CISA) added the latter two vulnerabilities to its Known Exploited Vulnerabilities Catalog but has not yet…
BakerHostetler’s 9th annual Data Security Incident Response Report
BakerHostetler’s annual report is out, and as always, it is a great read because it provides statistics and analysis of the more than 1,100 data breach incidents the law firm handled in 2022. Ted Kobus provides a bit of the history of the firm’s Digital Assets and Management Group. Here’s just one graphic from the…
Stronger cybersecurity, reducing cyber incidents, greater EU ‘strategic autonomy’? Three interesting features of the proposed EU Cyber Solidarity Act
Mark Young, Paul Maynard, and Anna Sophia Oberschelp de Meneses of Covington & Burling write: On April 18, 2023, the European Commission published its proposal for an EU Cyber Solidarity Act (“CSA”). It aims to strengthen incident detection, situational awareness, and response capabilities, and to ensure that entities providing services critical for day-to-day life can access expert…
Aeries Settles Data Breach Lawsuit for $1.75M; Illuminate Suit is Dismissed – For Now
Kristal Kuykendall reports on the very different outcomes of two class action lawsuits stemming from breaches involving EdTech. Both of these lawsuits’ outcomes have been reported previously on DataBreaches, but this article says that both cases, despite the vastly different outcomes so far, should put EdTech vendors on notice. In a class-action lawsuit filed on…