Wow. From Flashpoint, yesterday: On March 3, 2021, Flashpoint detected a breach of the elite Russian cybercrime forum known as “Maza” (originally called “Mazafaka”). This breach follows recent attacks (both attempted and successful) on other Russian cybercrime forums, including the takeover of Russian-language forum Verified. Known to be in operations as far back as 2003, Maza…
Category: Of Note
Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss
Andrew G. Simpson reports: Real estate software maker RealPage has been denied a $6 million computer crime insurance coverage claim because the stolen funds were not in its possession but were instead being held by a payment processing firm at the time of a phishing scheme. National Union Fire Insurance Co. (a unit of American…
Mandiant issues final report on its investigation into Accellion breach
Yesterday, Mandiant issued its final report on its investigation into the Accellion data breach that impacted a number of its big clients including Jones Day law firm, SingTel, Bombardier, Goodwin Procter, the Transport for NSW, the New Zealand Reserve Bank, and others. You can find the report here (pdf). And while the investigation may be…
Updating the Maze attack on Fairfax County Public Schools
In September, 2020 Fairfax County Public Schools in Virginia was hit with Maze ransomware.The attack was announced on Maze’s dedicated leak site in early September, and after multiple queries by this site, FCPS issued a statement confirming that they had been attacked. One month later, the threat actors started dumping some data on their leak…
Dozens of institutional abuse victims to sue over data breach
Claire Simpson reports an update to an email gaffe breach that I had characterized as one of the worst breaches in 2020. I had been somewhat surprised to later read that four out of five victims groups were backing Brendan McAllister. I am not surprised that at least some of those exposed by the breach…
The Jones Day dump contains prescription drug records. Who’s notifying those patients of the breach?
By now, many are aware that Jones Day, a giant law firm, had some of its files stolen due to vulnerabilities in the standalone file transfer administration system by Accellion. Jones Day is one of dozens of Accellion clients that have found themselves investigating and dealing with breaches affecting their businesses and clients. The Jones…