Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…
Category: Of Note
CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…
Clop gang to earn over $75 million from MOVEit extortion attacks
Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
Now a third plastic surgery practice has nude patient photos leaked
Earlier this week, DataBreaches reported that two plastic surgery practices in California had both suffered cyberattacks. When the doctors did not pay ransom demands, attackers leaked nude patient pictures and patient info. One attack was by AlphV (BlackCat) on Beverly Hills Plastic Surgery. The other attack was by an unnamed group or individual on Gary…
Eleventh Circuit Requests Refined Class Definition For Data Breach Class Action
Gerald L. Maatman, Jr., Alex W. Karasik, and George J. Schaller of Duane Morris write: In Steinmetz et al. v. Brinker International, Inc., No. 21-13146, 2023 U.S. App. LEXIS 17539 (11th Cir. July 11, 2023), the Eleventh Circuit vacated the district court’s order certifying a nationwide class and California-only class in a data breach case. In so…
Payroll Services Provider UKG Agrees to $6 Million Settlement in Data-Breach Lawsuit
James Rundle reports: Payroll services provider UKG has agreed to settle a class-action lawsuit stemming from a cyberattack in 2021, capping a significant piece of litigation that emerged from the incident. A ransomware strike in December 2021 forced parts of UKG’s Kronos Private Cloud product offline, disrupting software that tracked employee hours during the Christmas holiday period….