Mathew J. Schwartz reports: The downfall of previously high-flying ransomware operations Alphv and LockBit has shaken up the criminal underground, turning some former affiliates into lone operators and causing some under-the-radar groups to rack up record extortion payments. Ransomware incident response firm Coveware said in a report that 10% of all ransomware attacks it monitored…
Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Lyann Danielak, Joshua Hutchinson, and Robin Reinertson of Blake, Cassels & Graydon LLP write: On July 4, 2024, the B.C. Court of Appeal issued a duo of class action appeal decisions considering the potential scope of statutory and common law privacy claims against data custodians that fall victim to cyberattacks in data breach cases. In…
On July 29, the Department of Justice filed its opening brief in its appeal of Conor Fitzpatrick’s (“Pompompurin’s”) sentence. The issue at the appellate level is “whether the district court abused its discretion in sentencing Fitzpatrick to a 17-day time-served sentence for possessing child pornography and creating and operating the largest English-language data breach forum…
From their WatchBlog: Earlier this month, a software update from the cybersecurity firm CrowdStrike caused Microsoft Windows operating systems to crash—resulting in potentially the largest IT outage in history. Disruptions were widespread. Around the world, businesses and services were unable to operate as computers crashed, and some critical infrastructure sectors (like transportation, healthcare, and finance)…
Bill Fitzgerald (@FunnyMonkey) has written a post that I wish all school districts would read, process, and follow up on. The following is just a snippet from his post: We should assume that the KnowBe4 impersonation and the xz incident are not isolated or unique, and that there are other similar attacks underway that are…