The Office of Inadequate Security
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
Lucy Clarke-Billings reports: The Ministry of Justice has said it is aware of a data breach affecting prisons in England and Wales. Confidential prison layouts had been leaked onto the dark web in the past two weeks, according to The Times. A former prison governor told the paper organised crime groups could potentially use the information…
Bill Toulas reports: Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called “nearest neighbor attack.” The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range. The attack…
Clyde & Co write: The new Regulations on the Management of Network Data Security (《网络数据安全管理条例》) [1] (the “Regulations”) were issued by the State Council of the People’s Republic of China (“China”) on 24 September 2024 and will come into force on 1 January 2025. With a focus on network data [2], the Regulations supplemented and…
Here’s today’s reminder that it’s not always the huge-number breaches that pose the most risk or actual physical danger to people. Anosha Shariq reports: A helpline for Yakuza victims faces a shocking data breach, exposing personal details of 2,500 individuals and sparking fears of retaliation and safety risks. A tragic irony has unfolded as the…
Daniel Croft reports: The incident was claimed by CyberN—–s members IntelBroker and EnergyWeaponUser, who originally said it was a Tesla EV charging station database containing files that belonged to Tesla. However, thanks to a tipoff by researcher DarkWebInformer and IntCyberDigest, the threat actors amended the listing to say it was a “random 3rd party company…