Carl Campanile reports: More than 380,000 additional city public-school students had their personal data hacked in a massive cyber attack — bringing the total number of kids affected to well over 1 million, The Post has learned. The New York City Department of Education last week began sending letters notifying the hundreds of thousands of additional current and…
Category: U.S.
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
CISA’s KEV catalog making a positive difference to defenders
Jonathan Greig reports that a CISA resource is having a positive effect at both a federal level as well as for non-governmental organizations: The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV) catalog for nearly three years and it has quickly become the go-to repository for software and hardware bugs actively being exploited by hackers around the world. Experts…
Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company
For those who would like a timely reminder about making sure you terminate access and take control of devices immediately when an employee or contractor terminates employment, consider this press release from the Southern District of New York on May 1. Damian Williams, the United States Attorney for the Southern District of New York, announced…
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his SuspectFile site regularly, you are missing out on some of his exclusive reporting. De Felice’s recent coverage of Medusa’s attack on Northeast Ohio Neighborhood Health (NEON) begins: Another significant data breach…
Zoom misrepresents its Global Select service, then won’t cancel and refund? An FTC complaint has now been filed.
Pop Quiz: A company misrepresents what its service can do. An innocent consumer, having relied on their claims, signs up for their service but soon discovers that it cannot do what Sales had assured them it would. Upon discovering the misrepresentation within days of subscribing to the service, the consumer immediately tries to cancel the…