In May, 2021, DataBreaches.net sent an email inquiry to OSF Healthcare in Illinois after seeing that threat actors known as Xing Team claimed to have attacked them and exfiltrated data. OSF Healthcare never responded to the inquiry. In June, after Xing Team started dumping what appeared to be patient data, DataBreaches.net sent OSF Healthcare a…
Category: Commentaries and Analyses
Identity Theft Resource Center to Share Latest Data Breach Analysis With U.S. Senate Commerce Committee; Number of Data Breaches in 2021 Surpasses all of 2020
SAN DIEGO, Oct. 6, 2021 /PRNewswire-PRWeb/ — Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2021. According to the data breach analysis, the number of data breaches publicly-reported in the U.S. decreased…
Today’s reminder that small breaches may have the biggest impact
While everyone understandably raises alarms about the possible impact of a ransomware attack, let us never forget that simple, stupid, careless, willful, or just human errors can create significant safety risks for people. A foster family in Missouri is raising concerns about what may be two separate breaches that pose safety risks to them and…
English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
Steven Baker, Vishnu V. Shankar, and Julia Bihary of Proskauer write: In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for…
Threat actors sometimes name the wrong victims — so why are you just repeating their claims?
Since March, 2021, data exfiltrated from Butler County Sheriff’s Office has been dumped on the dark web and clear net, but those affected may never have known that because the threat actors named the wrong victim. Relying too much on the word of criminals, researchers and compilations also misidentified the victim. Researchers and journalists should…
New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Amitai Ben Shushan Ehrlick reports: SentinelLabs has been tracking the activity of Agrius, a suspected Iranian threat actor operating in the Middle East, throughout 2020 and 2021 following a set of destructive attacks starting December 2020. Since we last reported on this threat actor in May 2020, Agrius lowered its profile and was not observed conducting destructive…