Lawrence Abrams reports: A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data…
BBC got to spectate ransomware negotiations with NetWalker
Oh, this is a bit different. Joe Tidy of BBC reports that BBC got an anonymous tipoff about NetWalker’s ransomware negotiations with the University of California San Francisco and was able to spectate the chat negotiations. BBC’s report includes snippets of the negotiations such as when the uni counter-offered $780,000 to the threat actors’ $3…
NHAI server attacked by malware, govt says no data loss
Anisha Dutta reports: The server of government’s highway construction arm–the National Highway Authority of India (NHAI) was attacked by a malware Sunday night, according to officials aware of the development. When the malware attacked the email server of the authority, it may have also impacted the huge pool of data on highways and confidential information…
UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach
There’s an update to the litigation stemming from two UnityPoint Health phishing incidents that were discovered within months of each other in 2018. Part of the lawsuit was thrown out in 2019, but negligence claims were allowed to go forward. Not surprisingly, that seemed to result in a settlement. Jessica Davis reports: Iowa Health System,…
New Ransom X Ransomware used in Texas TxDOT cyberattack
Lawrence Abrams reports: A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. May 2020 was not a good month for Texas as both the Texas Courts and the Texas Department of Transportation (TxDOT) were hit with ransomware attacks. At the time of the attacks, it was not known…
Turkey: KVKK fines gaming company TRY 1,100,000 for breach notification violations
OneTrust DataGuidance reports: The Personal Data Protection Authority (‘KVKK’) published, on 23 June 2020, its decision (‘the Decision’) of 16 April 2020, fining a gaming company a total of TRY 1,100,000 (approx. €142,980) for data breach notification violations. In particular, the Decision concerns a data breach suffered by the gaming company in which hackers were…