Update: On April 28, Yellow Pages issued a breach notification to employees affected by the breach. The notification reports that the types of information involved varied by individual and may have included name, email address, postal address, Social Insurance Number (where applicable), bank account information, emergency contact information, salary information, and date of birth. For…
Category: Non-U.S.
Naivas Supermarket’s System Hacked, Data Stolen
Wycliffe Musalia reports that Kenya’s Naivas supermarket chain in Kenya has been the victim of a ransomware incident, but the chain assures customers that certain customer data such as payment card data was never at risk because it is not stored on their system. From the news report, it sounds like the company notified law…
Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records
Greg Davis reports: Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients records. Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills. In the letter, hospital chief privacy…
Russian hackers exfiltrated data from from Capita over a week before outage
Kevin Beaumont writes: Capita have finally admitted a data breach, but still do not think they need to disclose key details of the incident to customers, regulators, impacted parties and investors. So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using…
Bits ‘n Pieces (Trozos y Piezas)
Cementos Bío-Bío S.A attacked by BlackByte Cementos Bio-Bio S.A, a Chilean cement company, was added to BlackBye’s leaks site on April 9. DataBreaches found no notice of any incident on the main cbb.cl website, but the cbbexpress.cl customer portal had a notice about interruptions: “At this time we are having intermittencies with our services. If…
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers
Ravie Lakshmanan reports: Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda….