Mathew J. Schwartz reports: Russian police arrested “three young IT specialists” suspected of developing and selling the Meduza credential-harvesting malware. Authorities from the Ministry of Internal Affairs of Russia, together with police investigators, charged the men with developing and supplying the information-stealing malware, and tied it to an attack that breached and stole data from…
Massive Great Firewall Leak Exposes 500GB of Censorship Data
Mathura Kayir reports: In a historic breach of China’s censorship infrastructure, over 500 gigabytes of internal data were leaked from Chinese infrastructure firms associated with the Great Firewall (GFW) in September 2025. Researchers now estimate the full dump is closer to approximately 600 GB, with a single archive comprising around 500 GB alone. The material…
UK: Woman charged after NHS patients’ records accessed in data breach
Today’s reminder of the insider threat comes to us from the National Health Service in the U.K. Craig Meighan and Billy Gaddi report: A woman has been charged after Scots patients had their private medical records accessed during an NHS data breach. Reports suggest around 100 patients in NHS Lothian could have had their records…
Landmark civil penalty of AU$5.8 million issued under Australia’s Privacy Act
Charmian Aw, Melissa B. Levine, and Ciara O’Leary of Hogan Lovells write: On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia’s largest private hospital pathology service providers (the Company), for systemic failures that led to the unauthorised access to…
How many courts have had sealed and sensitive files exposed by one vendor’s error?
DataBreaches recently reported that researchers had discovered two courts had sealed filings and court records exposed, but the vendor responsible wasn’t responding to notifications. Despite months of trying to get a software vendor to respond to alerts that their clients’ files are exposed on the internet — including confidential and sealed court records — the…
Ukrainian Conti Ransomware Suspect Extradited to US from Ireland
Waqas reports: A Ukrainian national accused of helping run one of the world’s most damaging ransomware operations, Conti, is now in US custody. After being extradited from Ireland, 43-year-old Oleksii Oleksiyovych Lytvynenko made his first court appearance in the Middle District of Tennessee to face charges tied to the Conti ransomware group. Prosecutors allege that…