David Lee reports: Data transparency activists released a massive 600-hour leak of mostly Dallas Police Department helicopter footage, raising more questions about the city’s data security protocols three months after DPD admitted to a 22-terabyte deletion of case data that resulted in the release of criminal defendants awaiting trial. Distributed Denial of Secrets — a…
Category: U.S.
Robinhood Security Breach Exposes Data on Millions of Users
Annie Massa reports: Robinhood Markets Inc. said personal information of about 7 million people — or roughly a third of its customers — was compromised in a data breach last week and that the culprit demanded payment. The intruder obtained email addresses of about 5 million people as well as full names for a separate group…
US seizes $6 million in ransom payments and expected to charge Ukrainian over major REvil cyberattack
Christina Carrega and Sean Lyngaas report: Law enforcement officials have seized an estimated $6 million in ransom payments, and the US Justice Department is expected to announce Monday that it has charged a suspect from Ukraine over a damaging July ransomware attack on an American company in a breakthrough for the Biden administration’s pursuit of cybercriminals, CNN…
Update on impact of the Washington Central Unified Union School District ransomware attack
On October 28, this site noted a report that Washington Central Unified Union School District in Vermont had been the victim of an as-yet-unconfirmed ransomware attack. The district has now issued a notification that makes clear that personal and health information of students and personnel may have been accessed or acquired. Their announcement also indicates…
US Defense Contractor Discloses Data Breach
Dark Reading reports: Electronic Warfare Associates (EWA), a US defense contractor, has confirmed a data breach in which attackers exfiltrated files containing personal information. The breach began with a phishing attack that had “some limited impact” on EWA email accounts, officials report in a notification letter. Their investigation determined an attacker broke into EWA email accounts…
What happened, Friday edition
It’s often quite difficult to code incidents for analysis purposes. Consider the following notification’s description of what happened, as one example: Mesa, AZ: November 3, 2021 – Baywood Medical Associates, PLC dba Desert Pain Institute (“DPI”), a health care provider specializing in pain management located in Mesa, Arizona, has become aware of a data security incident…