Brandon Vigliarolo reports: The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective. The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General…
Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
There’s an update to a previously reported case. From the U.S. Attorney’s Office, Eastern District of New York, yesterday: Earlier today, in federal court in Brooklyn, United States District Judge Frederic Block sentenced Sagar Steven Singh, also known as “Weep,” to 27 months’ imprisonment for conspiracy to commit computer intrusion and aggravated identify theft. On…
100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
Nadeem Badshah reports: HM Revenue and Customs has lost £47m after a phishing scam breached tens of thousands of tax accounts, a group of MPs has heard. Two senior civil servants at the tax authority told the Treasury committee on Wednesday that 100,000 people had been contacted, or were in the process of being contacted,…
CISA Alert: Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June…
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
U.S. Dermatology Partners, which has over 100 locations across eight states, recently posted a notice of a data security incident on its website. As stated in their notice: On June 19, 2024, USDP experienced a network disruption. Upon detecting the incident, we quickly took steps to secure our network, immediately initiated our incident response processes…
Oklahoma Expands its Security Breach Notification Law
Melissa Pascualini of Jackson Lewis The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The Amendment includes new definitions, mandates reporting to the state Attorney General, clarifies compliance with similar laws, and provides revised penalty…