An editorial in The Asahi Shimbun begins: A prolonged, systemic failure in data security management resulted in a 10-year leak of personal information in about 9 million cases stored at a subsidiary of Nippon Telegraph and Telephone West Corp. (NTT West). The leak reflects a significant lapse in the company’s protective measures and a stark…
British Library: Employee data leaked in cyber attack
Yasmin Rufo reports: The British Library has confirmed that a cyber attack in October has led to a leak of employee data. The attack, which took place on 31 October, has also resulted in the library’s website being down for almost a month. The Rhysida ransomware group claim to be behind the attack, and say…
Illuminate Education Defeats Data Breach Lawsuit for Second Time
Christopher Brown reports: Illuminate Education Inc. defeated for the second time a proposed class action alleging it failed to protect the personal information of more than 3 million elementary and high school students, which was exposed in a December 2021 data breach. The plaintiffs failed to show that they had suffered concrete harm from the breach…
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the threat actors was for HSKS Greenhalgh Chartered Accountants and Business Advisors, and LockBit claimed to have exfiltrated 168 GB of files with: Employees (NIN numbers, passport scans, ID scans, Employee forms…
Logs missing in 42% cyberattacks; small business most vulnerable: Report
Vasudha Mukherjee reports: Telemetry logs, which hold collection, transmission, and measurement of data, were found missing in 42 per cent of analysed cyberattacks, according to Sophos’ Active Adversary Report. Titled ‘The Active Adversary Report for Security Practitioners’, the report delves into incident response (IR) cases scrutinised by global cybersecurity firm Sophos. The report provides insights…
FCC adopts new rules to protect consumers from SIM-swapping attacks
Sergiu Gatlan reports: The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC’s Privacy and Data Protection Task Force introduced the new regulations in July. They are geared toward thwarting scammers who seek to access personal data and information…