Hunton Andrews Kurth writes: On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS”) disclosed that it had assessed a $60 million penalty against T-Mobile US, Inc. (“T-Mobile”) in connection with unauthorized data access incidents following T-Mobile’s 2020 merger (the “Merger”) with Sprint Corporation (“Sprint”). CFIUS is a U.S. government interagency…
Category: Commentaries and Analyses
Ransom campaign hits cloud servers
Catalin Cimpanu reports: A threat actor is hacking and extorting companies that have misconfigured their cloud server infrastructure. The data extortion campaign has been taking place since earlier this year and involves a large-scale scan of the internet for companies that have exposed their environment variable files. Also known as .ENV, these files act as…
NationalPublicData.com Hack Exposes a Nation’s Data
Brian Krebs reports: On July 21, 2024, denizens of the cybercrime community Breachforums released more than 4 terabytes of data they claimed was stolen from nationalpublicdata.com, a Florida-based company that collects data on consumers and processes background checks. The breach tracking service HaveIBeenPwned.com and the cybercrime-focused Twitter account vx-underground both concluded the leak is the same information first put up for…
Tabb Inc. Security Gaffe Exposes 200,000 Background Check Files for More Than Six Months (2)
An unsecured backup blob exposed pre-employment background checks on approximately 200,000 people. Applicant files contained various amounts of personal and occupational information, including SSN, name, address, driver’s license, date of birth, education and employment history, and in some cases, criminal background checks. Files went back 15 years. The blob was unsecured for at least six…
Update: Gramercy Surgery Center attackers leaked patient data going back 20 years (1)
On June 18, Gramercy Surgery Center in New York discovered it might have been the victim of a cyberattack attack. It had been, and DataBreaches recently reported that the threat actor(s) known as Everest Team leaked more than 460 GB of files they claimed to have exfiltrated. Neither Gramercy Surgery Center (GSM) nor Everest responded…
Leader of International Malvertising and Ransomware Schemes Extradited from Poland to Face Cybercrime Charges
Justice Department Unseals Charges Against Two Additional International Cybercriminals WASHINGTON – A Belarussian and Ukrainian dual-national charged in both the District of New Jersey and Eastern District of Virginia with leading international computer hacking and wire fraud schemes made his initial appearance in Newark, New Jersey, today after being extradited from Poland. As alleged in…