Carly Page reports: LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party…
Category: U.S.
OK: Charged with sex crime, former Byng Public Schools employee had 200 community members’ images
Tres Savage reports: A former information technology professional at Byng Public Schools in Pontotoc County has been charged with three felonies for allegedly accessing a teacher’s personal Snapchat account, stealing her private nude photos and attempting to trade them for other nude photos with at least one district student. According to state law enforcement, Zachary…
TSA ‘no fly’ list leaked after being found on unsecured airline server
Chris Pandolfo reports: The Swiss hacker known as “maia arson crimew” blogged Thursday that she discovered the Transportation Security Administration “no fly” list from 2019 and a trove of data belonging to CommuteAir on an unsecured Amazon Web Services cloud server used by the airline. The hacker told The Daily Dot the list appeared to have more…
BlackCat adds NextGen to its leak site, but …. where did it go?
On January 17, BlackCat (aka ALPHV) added NextGen to their leak site. On January 19, DataBreaches sent an email inquiry to NextGen asking when they were attacked, whether files had been encrypted, and whether any employee data or patient data had been accessed or exfiltrated. NextGen responded promptly and then sent the following statement: NextGen…
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Sergiu Gatlan reports: Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’ personal information, including Social Security Numbers (SSNs). LAUSD also revealed that the threat actors were active in its network for over two months, between July 31, 2022,…
WA: Pierce County accidentally shared SSN info linked to hundreds of thousands of voters
Shea Johnson reports: Pierce County inadvertently shared the last four Social Security digits for more than 463,000 registered voters in response to a public records request, spokeswoman Libby Catalinich said Wednesday. The sensitive information was sent by mistake last month to one person who sought public voter registration records from the county, Catalinich told The…