Update: The Washington Post, who broke the story, updated their coverage to indicate that the threat actors are DarkSide. DataBreaches.net, who had recently interviewed DarkSide, reached out to ask them for a comment about the Colonial Pipeline report. They politely responded “Hello, no comments,” but then immediately sent another reply explaining, “At the time of…
Category: Of Note
In Capital One Data Breach Litigation Federal Judge Grants Capital One’s Motion To Certify Question to Virginia Supreme Court
Kristin L. Bryan of Squire Patton Boggs writes: CPW [Consumer Privacy World] has been tracking since last year the Capital One data breach multidistrict litigation (remember that privilege ruling?). Well, today the federal judge overseeing the litigation granted Capital One’s motion to certify to the Virginia Supreme Court a question of whether there exists under Virginia…
UK: Edinburgh mental health clinic in probe after client information accessed in scam
James Delaney reports: An Edinburgh mental health clinic is at the centre of a probe into a data breach resulting in hundreds of client contact details being accessed as part of a phishing scam. Bosses at The Edinburgh Practice, which offers a range of psychological and psychiatric counselling, were accused of failing to properly notify patients of the…
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
Charlie Osborne reports: Security researchers have provided insight into how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a week’s worth of vital research. In a report due to be published on Thursday, Sophos described the case, in which the team was pulled in to neutralize an active cyberattack…
Scraping Episodes Highlight Debate Over Anti-Hacking Law’s Scope
Andrea Vittorio reports: Recent data scraping incidents at Facebook Inc. and LinkedIn Corp. highlight an ongoing debate over whether companies can invoke an anti-hacking law to restrict rivals or other actors from harvesting information from people’s online profiles. The issue could reach the U.S. Supreme Court, in a case over a data-scraping dispute between LinkedIn and workforce…
Peloton’s leaky API let anyone grab rider’s private account data
Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…