— An OpEd by DataBreaches– When it comes to data breach disclosures, the very same entities who claim to take our privacy and security very, very seriously are generally not being transparent in their breach disclosures. Their refusal to be transparent often results in consumers and patients being left in the dark about the risks…
Category: Of Note
It’s Still Easy for Anyone to Become You at Experian
Brian Krebs reports: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at…
Time’s up: SingularityMD sets up to sell data from Jeffco Public Schools
It looks like “SingularityMD,” the hacker(s) of Clark County School District in Nevada and Jeffco Public Schools in Colorado, are looking to start selling the data they exfiltrated. In an introductory post today on Breach Forums, they write: We are SingularityMD. We specialize in low sophistication corporate network infiltration. We are behind the following hacks…
Optus loses court bid to keep report into cause of cyber-attack secret
Josh Taylor reports a win for transparency: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack – which resulted in the personal information of about 10 million customers being exposed – after a judge rejected the telco’s legal privilege claim. After the hack, the company announced…
UK: Nearly £2 million of stolen cryptocurrency to be paid back to victims
An interesting press release from the South East Regional Organised Crime Unit (SEROCU): Around £1.9 million worth of stolen cryptocurrency is to be paid back to victims of theft as a result of work by the South East Regional Organised Crime Unit (SEROCU). On 27 January this year, 40-year-old Wybo Wiersma, of Het Weike, Goredijk,…
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
Team Huntress writes: In a concerning development within the healthcare sector, Huntress has identified a series of unauthorized access that signifies internal reconnaissance and preparation for additional threat actor activity against multiple healthcare organizations. The attackers abused a locally hosted instance of a widely-used remote access tool, ScreenConnect—utilized by the company Transaction Data Systems (which…