Christopher Brown reports: Illuminate Education Inc. defeated for the second time a proposed class action alleging it failed to protect the personal information of more than 3 million elementary and high school students, which was exposed in a December 2021 data breach. The plaintiffs failed to show that they had suffered concrete harm from the breach…
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the threat actors was for HSKS Greenhalgh Chartered Accountants and Business Advisors, and LockBit claimed to have exfiltrated 168 GB of files with: Employees (NIN numbers, passport scans, ID scans, Employee forms…
Logs missing in 42% cyberattacks; small business most vulnerable: Report
Vasudha Mukherjee reports: Telemetry logs, which hold collection, transmission, and measurement of data, were found missing in 42 per cent of analysed cyberattacks, according to Sophos’ Active Adversary Report. Titled ‘The Active Adversary Report for Security Practitioners’, the report delves into incident response (IR) cases scrutinised by global cybersecurity firm Sophos. The report provides insights…
FCC adopts new rules to protect consumers from SIM-swapping attacks
Sergiu Gatlan reports: The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC’s Privacy and Data Protection Task Force introduced the new regulations in July. They are geared toward thwarting scammers who seek to access personal data and information…
K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs
Alanna Durkin Richer repeorts: Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free…
Poloniex confirms hackers identity, offers $10M white hat reward to return stolen funds
Assad Jafri reports: Poloniex has officially identified the hacker responsible for stealing $120 million from the exchange on Nov. 10 and offered a $10 million white reward if the funds are returned by Nov. 25, according to on-chain data shared by blockchain security firm PeckShield. Justin Sun, Poloniex’s majority shareholder, sent blockchain messages on the Ethereum network to addresses involved…