For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…
Eric Katz reports: Current federal employees, retirees and others impacted by widespread breach of personal data maintained by the Office of Personnel Management took advantage of only a small portion of the money made available in a settlement agreement following the 2015 hack. Plaintiffs in the class action lawsuit reached a settlement in 2022 with…
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…
There are always a ton of articles at the end of every year recapping what went wrong. Over on TechCrunch, Zack Whittaker and Carly Page have their annual list of breaches handled poorly. This year’s list includes 23andMe, Change Healthcare, Synnovis, Snowflake, Columbus Ohio, Salt Typhoon, Moneygram, and HotTopic. DataBreaches generally agrees with their recap,…
Bill Toulas reports: The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. The cybercriminals announced that they are contacting those companies directly to provide links to a secure chat channel for conducting ransom payment negotiations….