The first time DataBreaches remembers hearing about the man who calls himself “USDoD” was when he posted a sales listing for member data from InfraGard. He had not only managed to acquire data on 80,000 members of an organization dedicated to protecting critical infrastructure, but his revelation of his method exposed some embarrassingly inept security…
Category: Miscellaneous
Save the Children confirms systems breach
Claudia Glover reports: Save the Children appears to have been hacked by the Chinese data extortion gang BianLian, according to data posted to the latter’s victim blog. Though it does not mention the charity by name, the cybercrime organisation claims to have stolen up to 8GB of files from an international NGO “employing over 25,000…
Thousands have SSNs leaked after ransomware attack on Ohio state archive org
Jonathan Greig reports: One of the oldest historical societies in the state of Ohio was hit with a ransomware attack that leaked the sensitive information of thousands, according to a statement the organization released this week. The Ohio History Connection is a statewide history nonprofit chartered in 1885 that manages more than 50 sites and…
National Student Clearinghouse notifies schools of MOVEit breach
On June 24, DataBreaches reported that the National Student Clearinghouse was one of the victims of the MOVEit breach by Clop, In that report, DataBreaches stated that the clearinghouse’s statements to date had not indicated whether they had paid any ransom demand, but DataBreaches had learned that their name had been removed from Clop’s leak…
NYC schools disclose student and staff information affected by MOVEit breach; National Student Clearinghouse silent on question of extortion payment
Jessica Gould reports: The New York City Department of Education estimates that the personal data of some 45,000 students was compromised as part of a breach involving the file transfer software MOVEit. Officials said the compromised data includes social security numbers, birth dates and certain student evaluations, though the specific types of data breached varies…
Over 100,000 compromised ChatGPT accounts found for sale on dark web
Laura Dobberstein reports: Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year. The amount of stolen accounts steadily climbed from 74 in June 2022 to 26,902 in May 2023. April 2023 was an outlier – a moderate decline was seen…