Zack Whittaker reports: Over the past year we’ve seen Uber’s former chief security officer convicted in federal court for mishandling a data breach, a federal regulator charge SolarWinds’ security chief with allegedly misleading investors prior to its own cyberattack and new regulations that compel companies to publicly reveal materially impactful data breaches within four business days. It might seem like it’s never…
Category: Of Note
Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and the Integris cyberattack. In the course of that exchange, the TA surprised DataBreaches by claiming that they had threatened Fred Hutch with swatting patients. From DataBreaches’ previous reporting: “So…
NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failures that violated DFS’s virtual currency and cybersecurity regulations and left the company vulnerable to illicit activity and…
Finland warns of Akira ransomware wiping NAS and tape backup devices
Bill Toulas reports: The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. The agency says that the threat actor’s attacks accounted for six out of the seven cases of ransomware incidents reported last month. Wiping the backups amplifies the damage of the attack and allows…
Follow-on extortion campaign: confirmation of some findings by Arctic Wolf
Bill Toulas of Bleeping Computer reported on a recent Arctic Wolf Labs investigation that caught my eye. Arctic Wolf investigated two cases where victims of the Royal and Akira ransomware gangs who had paid ransoms were subsequently approached by threat actors offering to help them by hacking into the server of the ransomware gangs to…
Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…