The timeline from their notification to consumers tells the sad story: Notice of Data Security Incident We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information. What…
Category: Of Note
Big news from DOJ: Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant
FBI Offers Decryption Tool to Over 500 Victims Around the World, Additional Victims Encouraged to Come Forward The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world…
China issues draft contingency plan for data security incidents
Eduardo Baptista reports: China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders. The contingency plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed…
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
Ryan Tomcik, Adrian McCabe, Rufus Brown, and Geoff Ackerman write: Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign promoting malicious websites themed around unclaimed funds. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect…
FCC Approves Major Updates to Data Breach Notification Rules
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public with real-time information about harmful data breaches. The new rule expands the scope of the FCC’s breach notification requirements…
MoD fined £350k over data breach that endangered lives of Afghan interpreters
Public Technology reports: The Ministry of Defence has been fined £350,000 over a data breach that divulged the identities of hundreds of Afghan nationals who worked for the UK government in Afghanistan. According to data watchdog the Information Commissioner’s Office, the incident allowed 245 recipients of an email about the evacuation of eligible people to…