There’s an update to a breach previously reported here in 2023. Brian Krebs reports: In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in…
Category: Of Note
RIBridges firewall worked. But forensic report says hundreds of alarms went unnoticed by Deloitte.
Alexander Castro reports: A cybercriminal group breached the state’s public benefits portal last July, lingered inside the network’s backend for five months, and triggered hundreds of firewall alerts when it transferred gigabytes of Rhode Islanders’ data to its own servers in November. But RIBridges system vendor and manager Deloitte, a multinational firm valued at $67.2 billion last…
Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
Tanaya Macheel reports on what appears to be a very costly attack that involved bribing overseas agents: Coinbase on Thursday reported that cyber criminals bribed overseas support agents to steal customer data to use in social engineering attacks. The incident may cost Coinbase up to $400 million to fix, the company estimated. The crypto exchange operator…
Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
Daniel Payne reports: The U.S. Department of Justice says a recent data breach of a California consulting firm exposed data of Catholic clergy abuse survivors in nearly a dozen bankruptcy lawsuits. In a May 6 letter addressed to attorneys at law firm Proskauer Rose LLP, the Justice Department’s Nan Eitel, the associate general counsel for Chapter…
PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
Here’s today’s reminder not to waste your money paying criminals to delete data. After PowerSchool became aware of a hack in December 2024, they paid the then-unnamed attacker(s) to delete data. They subsequently informed their affected clients that they had observed the data deletion and believed that the data had been deleted, and that there…
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
From Mandiant: UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they…