Kristal Kuykendall reports on the very different outcomes of two class action lawsuits stemming from breaches involving EdTech. Both of these lawsuits’ outcomes have been reported previously on DataBreaches, but this article says that both cases, despite the vastly different outcomes so far, should put EdTech vendors on notice. In a class-action lawsuit filed on…
Category: Commentaries and Analyses
3CX Breach Was a Double Supply Chain Compromise
Brian Krebs reports: In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. 3CX says it has more than 600,000 customers and 12 million users in a broad range of industries,…
Russian hackers exfiltrated data from from Capita over a week before outage
Kevin Beaumont writes: Capita have finally admitted a data breach, but still do not think they need to disclose key details of the incident to customers, regulators, impacted parties and investors. So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using…
Mullvad VPN was subject to a search warrant, says customer data not compromised.
Mullvad reports on their blog: On April 18 at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad VPN office in Gothenburg with a search warrant. They intended to seize computers with customer data. In line with our policies such customer data did not exist. We argued they had…
HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector
On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address cybersecurity concerns in the Healthcare and Public Health (HPH) Sector: Knowledge on Demand – a new online educational platform that offers free cybersecurity trainings for health and public health organizations to…
Dutch hacking suspects to be in court April 20; Dutch police try to warn others to “stop cybercrime”
There’s been a lot of speculation following the arrest of Conor Fitzpatrick (aka “Pompompurin”) once it began to really sink in for some people that law enforcement has both the RaidForums BreachForums databases. One development that has contributed to the anxiety some people may be feeling is that the Dutch police have sent out thousands…