Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….
Category: Subcontractor
More details emerge about RIBridges data breach; Deloitte tells state threat actors have leaked data
Threat actors’ leak site unreachable due to DoS attack; DataBreaches given exclusive preview of leak Marc Fortier reports: The hackers behind a major cyberattack that hit the State of Rhode Island’s online system for delivering health and human service benefits have released some residents’ files to a site on the dark web, state officials announced Monday. “Unfortunately,…
ConnectOnCall breach exposes health data of over 910,000 patients
Sergiu Gatlan reports: Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. ConnectOnCall is a telehealth platform and after-hours on-call answering service with automated patient call tracking for healthcare providers. “On…
Securities and Exchange Commission Settles Charges Against Flagstar for Misleading Investors About Citrix Data Breach
ADMINISTRATIVE PROCEEDING File No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading…
Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach
December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…
Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again
Carly Page reports: Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. The flaw was first disclosed by Cleo in a security…