GVS reports: A hacking group claiming to be Russian-linked cybercriminals has published sensitive data from one of Australia’s largest law firms, HWL Ebsworth, after the firm refused to pay their ransom demands. The AlphV ransomware gang, also known as BlackCat, announced on the dark web that it had released 1.45 terabytes of data allegedly stolen…
Category: Subcontractor
Data on as many as 100,000 Nova Scotia healthcare staff stolen in MOVEit breach
As most people know by now, there are a LOT of victims from Clop’s attack on Progress MoveIT. So many, in fact, that they posted an announcement to all victims, giving the victims until June 14 to contact Clop to negotiate payment to delete data. The Boots pharmacy chain in the U.K. was affected, but…
British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
Jessica Lyons Hardcastle reports: British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app. Microsoft reckons the Clop ransomware crew stole the information. British Airways, the BBC, and Boots were not hit directly. Instead, payroll services…
Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data
Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now…
Phishing attack affects Texas patients; at least 130,000 impacted
DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….