If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a provision in Chapter 210-B §1348. Security breach notice requirements, and am seeking clarification. In Paragraph 1,…
East River Medical Imaging notifies 605,809 patients of breach
East River Medical Imaging recently sent out notices to 605,809 patients concerning a breach in September. According to a patient notice posted on its website, on September 20, 2023, the New York medical practice identified suspicious activity within its IT network. We immediately initiated our incident response process, began an investigation with the assistance of…
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Bill Toulas reports: Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the…
Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
FirstPost reports: Hours after The Guardian report claimed that UK’s most hazardous nuclear site Sellafield has been hacked into by cyber groups closely linked to Russia and China, Britain on Monday said that it has no records or evidence to suggest that networks were compromised. “Our monitoring systems are robust and we have a high degree of…
23andMe data breach: Hackers accessed data of 6.9 million users
Catherine Stoddard reports: 23andMe, a company that does genetic testing and traces ancestry through shared DNA, confirmed to FOX TV Stations on Monday that hackers accessed personal data of about 0.1% of customers, which amounts to roughly 14,000 people who have used 23andMe. Hackers were able to breach those accounts because the customers had used the same username…
AlphV claims they have started contacting some of Tipalti’s clients (1)
Following up on a somewhat atypical strategy to monetize an alleged attack on Tipalti, AlphV updated their leak site post today. It now reads: We are systematically reaching out to affected clients of Tipalti, the first batch (consisting of organizations with the most data exfiltrated), have been sent communications requesting initial contact. We will immediately…