Kirsten Errick reports that a lawsuit against Pearson stemming from a 2018 breach that they were alerted to in 2019 has been tossed for lack of Article III standing: Judge John Z. Lee of the Northern District issued an opinion on Tuesday granting Pearson’s motion to dismiss regarding the data breach of its AIMSweb testing platform, which…
Category: Hack
NZ police terminate contract with Gravitas after breach
Tom Pullar-Strecker reports: Police are axing their contract with Auckland research firm Gravitas after information they sent the firm about police complainants was lost in a Nigerian hack. Assistant commissioner Jevon McSkimming announced earlier this month – without naming the company – that Gravitas had alerted Police to the data breach and had also reported it…
Data Breach at Crypto Wallet Firm Ledger Exposes User’s Personal Info
Mohammad Musharraf reports: Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July. In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a…
Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev
Catalin Cimpanu reports: Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month. The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database. Read more on ZDNet.
Hiscox Hack Suit Advances as Warden Grier Loses Dismissal Bid
Julia Weng reports: Hiscox Insurance Co. Inc. can move forward with claims against Warden Grier LLP, which lost a bid to dismiss allegations that fault the law firm’s handling of a hack that exposed the insurer’s data. Read more on Bloomberg. As reported on DataBreaches.net in 2018, thedarkoverlord (“TDO”) had started leaking what they claimed…
Ongoing Meow attack has nuked >1,000 databases without telling anyone why
In March, thousands of elastic search installations were wiped out and all that was left was a calling card, “NightLionSecurity.com.” Now there’s a new round of attacks using a “Meow” calling card as they wipe out ElasticSearch and MongoDB databases. Dan Goodin reports: More than 1,000 unsecured databases so far have been permanently deleted in…