As incident response and public relations go, blaming victims for your breach is generally not an impressive strategy. Michael Edgar reports that 23andMe seems to be doing exactly that: Months after the San Francisco based company experienced a data breach impacting about 6.9 million users, 23andMe is now facing criticism for blaming victims of the breach and…
Category: Of Note
UnitedHealth alleges trade secret theft by ex-execs
Nona Tepper reports: Two former UnitedHealth Group executives allegedly took trade secrets with them on the way out the door and used the information to found a pair of diabetes management startups, the conglomerate claims in a federal lawsuit. UnitedHealth Group filed suit against Ken Ehlert, Mark Pollmann and other leaders of Lore Health and…
The State of Ransomware in the U.S.: Report and Statistics 2023
Data analyses and commentary by Emsisoft begins: “From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients.” — McGlave, Neprash, and Nikpay; University of Minnesota School of Public Health1 In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to…
Operation Triangulation: The last (hardware) mystery
Boris Lairn reports: Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our…
Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
On August 1, DataBreaches noticed that Parathon by JDA e-Health had been listed on the Akira ransomware leak site. Neither Akira nor Parathon responded to DataBreaches’ inquiries at the time, as DataBreaches reported on August 6. On October 30, Parathon issued a notice of security incident. The notice stated, in part: On July 27, 2023,…
New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 earlier this month
Lawrence Abrams reports: Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for free. However, BleepingComputer has learned that the Black Basta developers fixed the bug…