Sven Taylor reports: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database acquired from this exploit is now being sold on a popular hacking forum, posted earlier today. Back in January, a report…
Category: U.S.
RI: City of Newport advising past, current employees of potential data loss
Ryan Belmore reports: After an exhaustive investigation following the discovery of a suspicious email on one of the City’s internal networks, current and former municipal employees are being notified of a suspected security incident that may have left certain personal information compromised. […] Through the investigation, the City learned that there was unauthorized activity in…
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms
Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Oklahoma City Housing Authority Provides Notice of Data Breach
Oklahoma City Housing Authority (“OCHA”) is notifying individuals of data incident. To date, we have no evidence of actual or attempted misuse of information as a result of this incident. This notice provides details about the incident, our response, and resources available to help protect information. What Happened? On December 21, 2021, OCHA discovered unauthorized emails were…
Uber enters non-prosecution agreement; admits 2016 data breach coverup
SAN FRANCISCO –Uber Technologies, Inc., has entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into the coverup of a significant data breach suffered by the company in 2016, announced United States Attorney Stephanie M. Hinds and Federal Bureau of Investigation Special Agent in Charge Sean Ragan. As part of a non-prosecution…
UT: Technical problem causes security breach in Tooele County School District, may have exposed 1000 students’ info
Debbie Worthen reports: Hundreds of students’ personal information was potentially compromised in what the Tooele County School District called a “technical problem” as the district switched from Aspire to Skyward. Skyward is a software company specializing in K-12 school management. It includes student records and personal information. This week, families of the over 21,000 students…