In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
Category: Hack
Years later, Marriott admits data were not encrypted before its 2018 data breach. Now what?
What might happen to a company that has been making false claims about its system security for more than five years after experiencing a massive data breach? Will state attorneys general, the SEC, and the FTC investigate and possibly penalize them for a significant misrepresentation to consumers and regulators? CSO Online has a significant update…
Germany summons Russian envoy over Fancy Bears cyberattack
DW reports: Germany accused Russia’s military intelligence service, the GRU, on Friday of being behind a 2023 cyberattack that targeted the Social Democrats (SPD). NATO member Germany has been among the Western nations providing military support to Ukraine as it fights a Russian invasion and there have also been recent accusations of increased espionage. In June 2023, the SPD announced that cybercriminals had…
Oregon DMV sued over 2023 MOVEit data breach
In June 2023, DataBreaches reported that the Oregon Department of Motor Vehicles (DMV) had become a victim of the MOVEit breach by Clop. The DMV reported that 3.5 million drivers may have been affected. At the time, the state issued a statement saying, in part: We do not have the ability to identify if any…
Conservative News Websites Hacked, Replaced With Page Leaking Private Information
Charlie Nash reports: Two conservative news websites – Human Events and The Post Millennial – were hacked on Thursday evening and replaced with a page leaking private information. Both websites were taken down by unnamed hackers and replaced with a fake coming out letter purported to be written by Post Millennial senior editor Andy Ngo. […] At the…
Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO
Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a…