From the Federal Trade Commission: The Federal Trade Commission will require Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a robust information security program to settle charges that the companies’ failure to implement reasonable data security led to three large data breaches from 2014 to 2020 impacting more than 344…
Category: Commentaries and Analyses
HC3: Threat Actor Profile: Trinity Ransomware
Executive Summary: Trinity ransomware is a relatively new threat actor, known for employing a double extortion strategy. This method involves exfiltrating sensitive data before encrypting files, thereby increasing pressure on victims to pay the ransom. This ransomware uses the ChaCha20 encryption algorithm, and encrypted files are tagged with the “.trinitylock” file extension. Trinity operates a…
When you don’t know why you are being notified of a breach, Tuesday edition (2)
On March 19, 2024, DataBreaches reported a ransomware attack targeting New York Plastic Surgical Group (a division of Long Island Plastic Surgical Group). According to one of the threat actors involved, the attack occurred on January 7 and involved both RADAR and AlphV (BlackCat) groups working together — AlphV to encrypt files and negotiate the ransom…
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
In April 2018, DataBreaches reported a ransomware incident in February 2018 that had affected 81,550 patients of the Center for Orthopaedic Specialists (COS) – Providence Medical Institute (PMI) in California. The entity’s notification at the time indicated that patients’ names, dates of birth, details about medical records, and Social Security numbers had been involved in the…
White House official says insurance companies must stop funding ransomware payments, but that’s not an official directive
Alexander Martin reports: Insurance companies must stop issuing policies that incentivize making extortion payments in ransomware attacks, a senior White House official said on Friday. The call for the practice to end, which was made without any indication the White House was formally proposing to ban the practice, follows the fourth annual International Counter Ransomware…
Hezbollah data breach leads the list of the biggest cybersecurity events of the year
Dr. Tim Sandle reports: Hezbollah data breach in Lebanon is the latest major data breach recorded, causing thousands of injuries and nine fatalities. New research has identified the most recent and biggest data breaches involving government or public entities, analysing the year of the breach, the number of people affected, the number of articles written, and how the breach…