From the Crown Prosecution Service: A blackmailing hacker behind the TalkTalk cyber-attack – which cost the company £77million after the personal details of 157,000 customers were stolen – has today (10 June) been sentenced. Daniel Kelley, 22, admitted targeting at least six organisations by threatening to sell their hacked data on the ‘dark web’ unless…
Category: Of Note
Eight years later, the case against the Mariposa malware gang moves forward in the US
Catalin Cimpanu reports: Eight years after US law enforcement opened a first case in the operations of the Mariposa (Butterfly Bot, BFBOT) malware gang, officials are now moving forward with new charges and arrest warrants against four suspects. The original case started way back in May 2011, when US officials first filed a complaint against…
“Achilles”, Hacker Behind Attacks on Military Shipbuilders, UNICEF & International Corporations
From AdvIntel: Executive Summary Background: “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks. Verticals: Achilles victims are primarily private sector entities; however, the actor also targeted public domains, government-affiliated companies, and international organizations….
Sock company Bombas fined by NYS for delayed notification of data breach
There’s a follow-up to the Bombas breach that was previously reported on this site. Laura Italiano reports: Sock-maker Bombas has settled the most uncomfortable data-breach probe in the history of feet. New York Attorney General Letitia James on Thursday announced that Bombas LLC — whose ads call their products “the most comfortable socks in the…
Cathay Data Breach Incident – Personal Data Security & Retention Principles Contravened – Lax Data Governance
The following is the media statement from the Privacy Commissioner’s Office following the conclusion of their investigation into the 2018 Cathay Pacific Airways breach. You can download their investigative report from their site here (pdf). The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG today published an investigation report on…
Kansas hospital pays $250K to settle charges it falsified EHR security risk assessment
Nathan Eddy reports: Coffey Health System, a 25-bed critical access hospital in Kansas, has agreed to pay a $250,000 settlement for alleged False Claims Act violations related to its meaningful use attestation. Specifically, the U.S. Department of Justice charged that the hospital falsely attested that it had conducted the necessary security assessment to comply with…