A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Lockbit group.” If those who exfiltrated the data had no association with LockBit, why was the listing on LockBit’s site?…
Category: Hack
Au: Diabetes WA reveals data breach
Richard Chirgwin reports: Diabetes WA has disclosed a data breach affecting people who engaged with its telehealth service. In a breach notice posted Tuesday, the organisation said a “third party” gained “access to the personal information of some … contacts.” The personal information possibly exposed in the breach includes name, address, date of birth, email, phone number,…
City of Hope updates a breach disclosure, reports 827,149 patients affected in ransomware attack last year
City of Hope updated its breach disclosure. DataBreaches can now reveal some previously undisclosed details about the 2023 incident. In December 2023, City of Hope, a cancer treatment center in Duarte, California, notified HHS that it had experienced a breach. Its report indicated that “501” patients had been affected, but this was just a marker…
Cybercriminals Abused Remote Desktop Protocol (RDP) in 90% of Attacks Handled by Sophos Incident Response in 2023
Some more analysis of 2023 breaches. Sophos reports that for more than 150 incident response (IR) cases it handled in 2023, cybercriminals abused remote desktop protocol (RDP) in 90% of attacks. This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020. In addition,…
Ernest Health rehabilitation hospitals notify patients of ransom attack in January (2)
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient data that included names and at least one of “addresses, birth dates, medical record numbers,…
Hackers stole Russian prisoner database to avenge death of Navalny
Sean Lyngaas and Darya Tarasova report: Within hours of opposition leader Alexey Navalny’s death in February in a Russian prison, a group of anti-Kremlin hackers went looking for revenge. Using their access to a computer network tied to Russia’s prison system, the hackers plastered a photo of Navalny on the hacked prison contractor’s website, according to interviews with the…