Daphne Zhang reports: T-Mobile US Inc.’s recent cyber insurance victory in Washington state court helps clear the way for organizations to use third-party data breach settlement payments to satisfy skyrocketing cyber insurance deductibles. The Nov. 28 Washington appeals court ruling held that the telecom giant satisfied a $10 million deductible under a cyber policy with a Zurich…
Category: Commentaries and Analyses
HC3: Analyst Note: LockBit 3.0 Ransomware
Report: 202212121700 LockBit 3.0 Ransomware December 12, 2022 Executive Summary LockBit 3.0 is the newest version of the LockBit ransomware that was first discovered in September 2019. The ransomware family has a history of using the Ransomware-as-a-service (RaaS) model and typically targets organizations that could pay higher ransoms. Historically, this ransomware employs a double extortion…
KS: Legislative Post Audit report identifies IT concerns at state agencies, school districts
Phil Anderson reports: A report from the Kansas Legislative Division of Post Audit that was released this week identified a number of information technology security concerns found over a three-year period at state agencies and school districts. The report was made public during a session on Monday at the Statehouse. According to the report, the…
A second group of threat actors has now leaked Kenosha USD data
Oh what a tangled web we weave…. Back in October, DataBreaches reported that Snatch Team had listed Kenosha Unified School District in Wisconsin on its dedicated leak site. By the end of the day, however, the listing had been removed without any data having been leaked. Then in November, REvil listed KUSD on their leak…
Most of the 10 largest healthcare data breaches in 2022 are tied to vendors
Jessica Davis reports: Ninety percent of 10 largest healthcare data breaches reported this year were caused by third-party vendors, much like in 2021. The fallout for many of these cyberattacks resulted in impacts for multiple connected providers, with two of these vendor incidents affecting hundreds of providers. These incidents should serve as a warning to…
AirAsia’s parent company told to supply documents; government probes Daixin ransomware attack
John Bunyan reports: The Ministry of Communications and Digital has ordered Capital A, the parent of AirAsia, to submit supporting documents and data for the investigation into the breach of the airline’s networks that exposed the personal information of millions of passengers and staff. Communications and Digital Minister Fahmi Fadzil said the security breach affecting…