Jonathan Greig reports: Morgan Stanley will pay a $35 million penalty to settle charges from the U.S. Securities and Exchange Commission for wide-ranging failures around properly disposing of hard drives and servers containing the personal information of some 15 million customers. The company did not respond to requests for comment, but the SEC said in…
Category: Other
Wolfe Clinic notifies patients of Eye Care Leaders breach
I tweeted this yesterday, but probably should note it here too: When I saw Wolfe Clinic had reported a breach to HHS impacting 542,776 patients, I thought they had just updated their 500k figure from the ransomware attack by Lorenz last year. But it turned out that this was a new, and unrelated report due…
Election data breach attracts Georgia investigators
Danny Hakim, Neil Vigdor and Richard Fausset report: The day after Donald Trump’s supporters stormed the Capitol, a small group working on his behalf traveled to rural Coffee County, Ga., about 200 miles southeast of Atlanta. One member of the group was Paul Maggio, an executive at a firm based in Atlanta called SullivanStrickler, which…
Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement
Mark Townsend reports: Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed the scandal that mired the tech giant in repeated controversy. A court filing reveals that Meta, Facebook’s parent company, has in principle settled for an…
From the “What Could Possibly Go Wrong Department” after it went wrong, Monday edition
In June, many of us first became aware that Facebook was receiving sensitive medical information from hospital websites. Of 33 hospital websites that The Markup tested, 10 of them had trackers (“Meta Pixels”) which sent information to Facebook when a patient clicked a button on the hospital’s site to schedule a medical appointment. This…
Disrupting SEABORGIUM’s ongoing phishing operations
From Microsoft’s Blog: The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft…