Jessica Lyons Hardcastle reports: More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that’s being exploited in the wild. This is according to infosec outfit Bishop Fox, which has developed an example exploit for achieving remote code execution via the hole. Successful exploitation of the…
Category: Commentaries and Analyses
ARx Patient Solutions and ARx Patient Solutions Pharmacy notify patients of a March, 2022 breach
ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, have issued a press release about a data breach affecting patient data. Their notice states, “It was determined that in March 2022, an employee email account was compromised and accessed by an unauthorized third party.” The types of patient information that may have been…
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.
On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…
Costs of some 2022 ransomware attacks: Whitworth University hit with federal lawsuit, Little Rock School District tallies its costs
Whitworth University may start experiencing more legal costs stemming from a ransomware attack in 2022. Kip Hill reports: A Whitworth University student is asking a federal judge to approve a class action against the school for damages stemming from a ransomware attack discovered in July 2022 that affected more than 65,500 people. The lawsuit, filed…
Barrow County notifies people of a breach that began more than a year ago
Barrow County in Georgia issued a breach notice about a breach of its email environment that occurred between March and August of 2022. Its notification, posted on its website, states, in part: The type of information at issue varied for each individual, but included a variation of the following: name; date of birth, Social Security…