Press Release of November 28: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for violations of DFS’s Cybersecurity Regulation (23 NYCRR Part 500) stemming from a large-scale cybersecurity breach in May 2019. The breach…
ID Theft Service Resold Access to USInfoSearch Data
Brian Krebs reports: One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look…
Okta admits hackers accessed data on all customers during recent breach
Carly Page reports: U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that a hacker used a stolen credential to access its support case management system…
Hackers breach Israel intelligence group’s website
The Middle East Monitor reports: An unknown entity has breached the website of the Shin Bet veterans’ association, Shoval, and may have stolen the details of the intelligence agency’s former employees, the French website Intelligence Online has reported. According to the website, the agency’s management has requested members of the association to be cautious, especially when travelling…
Queensland passes mandatory data breach notice laws
Justin Hendry reports: Queensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities, as an almost identical scheme comes into effect in New South Wales. The Information Privacy and Other Legislation Amendment Bill 2023 passed through the Queensland state Parliament on Wednesday, less than two months…
A cyberattack hit thousands of people in Louisiana. They’re still in the dark months later. (2)
Stephen Marcantel reports: It was early August when teacher Heather Vidrine first heard about a cyberattack on her former school district in St. Landry Parish, but she didn’t think much about it — even after her Facebook got hacked. Now, she’s left to wonder whether the two are connected. Her Social Security number and other…