Lawrence Abrams reports: A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. […] Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang…
Category: Commentaries and Analyses
HC3: Analyst Note: Karakurt Threat Profile
HC3: Analyst Note TLP: White Report: 202208241200 Executive Summary Karakurt ransomware group, also known as the Karakurt Team and Karakurt Lair, is a relatively new cybercrime group, with researchers reporting its first emergence in late 2021. Karakurt actors claim to steal data and then threaten to auction it off or release it to the public…
OCR Settles Case Involving Decade-Long Improper Disposal of Protected Health Information
There is an enforcement update to an incident noted on this site in 2018. The incident that involved New England Dermatology P.C., d/b/a New England Dermatology and Laser Center (“NDELC”) was summarized by HHS in their resolution agreement and corrective action plan for this case: On May 11, 2021, NEDLC filed a breach notification report…
Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
By Donie O’Sullivan, Clare Duffy and Brian Fung, CNN Business Video by John General, Zach Wasser and Logan Whiteside, CNN Business Portraits by Sarah Silbiger for CNN Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive…
Transparency #FAIL: Why won’t Anthem/Elevance Health answer a simple question about breaches?
A DataBreaches opinion piece. You might think a giant insurer like Anthem, which has experienced at least several breaches over the years — including one of the most significant breaches ever — would understand the importance of transparency by now. Apparently not. On May 24, Anthem (now known as Elevance Health) posted a notice on…
‘I went to prison for the £77m TalkTalk hacking. I could be sent back for ordering a McDonalds’
Nicholas Fearn reports: As one of Britain’s most notorious cyber criminals, Daniel Kelley played a leading role in the 2015 TalkTalk data breach. The hack was catastrophic for the telecoms firm, resulting in a financial loss of £77 million (€90.7 million) and the stolen data of over 150,000 customers. Kelley would go on to spend…