Jason Stoongenke reports: Workers across the country are finding out they owe their employers money after hackers attacked a company that handles timesheets. The service was out for several weeks. In December, Kronos, which handles timesheets for many major companies, experienced a ransomware attack, causing its systems to be down for about seven weeks. Read…
Category: Commentaries and Analyses
Today’s exercise in reading between the lines
A recent notification by Aon had DataBreaches wondering exactly what went on with their incident response. Consider their description of what happened: What Happened? On February 25, 2022, Aon identified a cyber incident that, upon investigation, impacted a limited number of systems. Once the incident was discovered, Aon immediately retained leading cybersecurity firms to assist…
Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing
James Bogan III of Kilpatrick Townsend & Stockton LLP writes: Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on an issue of first impression, set out a non-exhaustive three-factor test for determining…
Food For Files: GoodWill Ransomware demands food for the poor to decrypt locked files
Waqas reports: GoodWill ransomware attackers share a three-page ransom note asking the victim to perform three tasks to get the decryption key- they want them to donate to the homeless, feed poor kids, and provide financial assistance to a patient in need. CloudSEK Threat Intelligence Research team has warned about new ransomware dubbed GoodWill Ransomware that can…
UK: Two More Nails in the Coffin for Opportunistic Data Breach Claims
Victoria Leigh of Squire Patton Boggs writes: Following on from a string of cases in 2021 concerning minor data breaches (see our earlier article here), two further cases in Q1 of 2022 have continued the trend of High Court scepticism. Such compensation claims, usually involving multiple causes of action, often find themselves trimmed down and sent…
Open source packages with millions of installs hacked to harvest AWS credentials
ITPro reports: Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials. The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat. A combined 3 million users…