There’s another update to the “encryption event” first disclosed by Minneapolis Public Schools (MPS) in February. As of their most recent last update, MPS had stated that they had been able to restore systems and no ransom had been paid. At that time, DataBreaches had not found any gang claiming responsibility for the breach or…
Category: Of Note
Germany and Ukraine hit two high-value ransomware targets
On 28 February 2023, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police (Націона́льна полі́ція Украї́ни), with support from Europol, the Dutch Police (Politie) and the United States Federal Bureau of Investigations, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. This ransomware appeared…
Medicare under attack: Healthcare data breaches increase fraud risks
Melissa D. Berry reports: Stealing Medicare beneficiary identification numbers has become the latest goal for cybercriminals who see this data as even more valuable than stolen credit cards. A South Florida man pled guilty in federal court in late-January to “conspiring to buy and sell more than 2.6 million Medicare beneficiary identification numbers” and other…
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…
CISA Advisory: Royal Ransomware
Release Date: March 02, 2023 Alert Code: AA23-061A SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations…
Za: Businessman convicted of Experian data breach skips sentencing, court issues warrant for his arrest
Jeanette Chabalala reports: A man who was convicted of fraudulently obtaining the personal data of millions of South Africans is a wanted man after he skipped his sentencing. Karabo Phungula failed to appear in the Specialised Commercial Crimes Court, sitting in the Palm Ridge Magistrate’s Court, for his sentencing on Wednesday. It was the second…