For some perspective on the numbers affected by breaches over time, Emma Woollacott reports: Around seven British user accounts were breached every minute during the second quarter of 2025 – more than three million in total. While data breaches dropped globally by 58% from the previous quarter, the number rose from 70 million to 94…
Category: Commentaries and Analyses
The day after XSS.is forum was seized, it struggles to come back online — but is it really them?
Ever since law enforcement announced the arrest of an administrator of the XSS.is forum, forum members watched threads disappear from the site, and then a seizure notice splash screen appeared. No administrator or moderator had made any statement about the arrest or situation despite pleas from forum members for some clarification, and attempts to discuss…
Korea imposes 343 million won penalty on HAESUNG DS for data breach of 70,000 shareholders
Kim Su-jeong reports: The Personal Information Protection Commission announced on the 24th that it imposed a penalty surcharge of 343 million won [USD $250,136.73] on HAESUNG DS, a semiconductor parts company, after it left vulnerabilities in its network security equipment unattended, resulting in a hacker attack that leaked personal information of over 70,000 shareholders. According…
Paying cyberattackers is wrong, right? Should Taos County’s incident be an exception? (1)
How many times have we read that paying a threat actor’s extortion demands only encourages more financially motivated crime and doesn’t ensure that the data won’t be retained or re-sold or leaked? Those making that argument appear to be generally correct, but are there exceptions? For years now, DataBreaches has gone back and forth between…
Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
Over on SuspectFile, Marco A. De Felice (@amvinfe) considers the troubling use of injunctions, SLAPP suits, and superinjunctions that prohibit the press from performing its duty to inform the public on matters of importance. The topic was back in the news this week after a superinjunction obtained by the U.K. Ministry of Defence to block…
North Country Healthcare responds to Stormous’s claims of a breach (1)
On July 13, DataBreaches reported that the Stormous gang claimed to have exfiltrated 600,000 patients’ records from North Country Healthcare (NCH) in Arizona. At the time they provided a small sample of records in .csv format and indicated that they were going to leak 100,000 records for free and sell the other 500,000 records. Because…