Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Category: Of Note
Fonix ransomware shuts down and releases master decryption key
Lawrence Abrams reports: The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. Read more on BleepingComputer.
Suspected Russian Hackers Gained Edge Through Tech Firm Attacks
Kartikay Mehrotra and Alyza Sebenius report: Whether it was opportunity, strategy or sheer chutzpah, the suspected Russian hackers behind a massive cyber-attack revealed last month focused particular attention on technology companies, including cybersecurity firms entrusted to find malicious activity in their clients’ networks. Four cybersecurity companies announced this week that they had been targeted as…
Crypto Firm hacked for $1.4M reimburses users for stolen BTC and ETH
Varsha Saraogi reports: … In the past year, even established companies such as Twitter, Marriott International and SolarWinds were victims of laptop-wielding larcenists losing millions of resources and user data. Another such firm was Spain-based crypto trading firm 2gether where hackers stole roughly €1.2 m worth of cryptocurrency from its customers’ investment accounts. […] Now,…
Australian government ordered to pay 1,300 asylum seekers whose details were exposed
Christopher Knaus reports an update to a breach that occurred in 2014 — a breach that resulted in entities in numerous countries downloading asylum seekers’ information. The Australian government has been ordered to compensate almost 1,300 asylum seekers whose details were mistakenly exposed online in one of the country’s most shocking privacy breaches. After almost…
NetWalker ransomware leak site seized (UPDATE2)
At some point within the past 24 hours, the dedicated ransomware leak site operated by NetWalker ransomware threat actors was seized by law enforcement. The notice says that it was seized by the FBI in coordination with the U.S. Attorney’s Office for the Middle District of Florida, the Computer Crime and Intellectual Property Section of…