Ben Lovejoy reports: A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources. It had previously been…
Category: Commentaries and Analyses
Community Health Network notifies patients of meta pixel breach
Community Health Network in Indiana has become the latest healthcare entity to notify patients that their protected health information was transmitted via trackers on their website from Google and Meta. Their FAQ page attempts to explain it in basic English and does a good job, but there’s no getting around this: Any individual who visited…
HC3 Alert on Lorenz Ransomware
HC3 has issued an alert about Lorenz ransomware. Lorenz threat actors have been mentioned on DataBreaches’ site several times since 2021. In one case they attacked and exfiltrated data of 500,000 patients of Wolfe Clinic in Iowa, and they recently posted data from Salud Family Health in Colorado. Salud has not yet reported a number…
Third Circuit Finds Standing for Victim of Data Breach, Citing ‘Imminent Harm’
Harris Freier and Avi R. Jerushalmy write: It comes as no surprise that cybersecurity is at the forefront of business owners’ minds across the globe. Corporate cyberattacks were at an all-time high last year, up 50% year over year. The Cybersecurity and Infrastructure Security Agency reported in February that it is aware of ransomware incidents against 14…
Hackers breach energy orgs via bugs in discontinued web server
Sergiiu Gatlan reports: Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. Read more at BleepingComputer.
The LinkedIn-HiQ Labs Case and Data Scraping in the US: Some Takeaways
Odia Kagan of Fox Rothschild writes: What does the summary judgment granted to Linkedin in the famous Linkedin-HiQ Labs case teach us about data scraping in the US? Here are some of my thoughts on what the U.S. District Court for the Northern District of California ruling means. Bottom line: Summary judgment was granted to…