Waqas reports: In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for…
Missing Risk Analysis Cost NY CPA Firm $175K—But Not the Big Group Whose Data Was Breached in 2019
Theresa Defino reports: Covered entities (CEs) and business associates (BAs) might be forgiven if the most recent HHS Office for Civil Rights (OCR) HIPAA enforcement action evoked little more than a yawn. Yes, the $175,000 payment isn’t a particularly large amount, and the sole alleged violation is a retread. Actually, it’s the 10th in OCR’s…
Discord Confirms 70,000 Government IDs Exposed in Third-Party Breach
Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
California Sets 30 Day Deadline for Data Breach Notifications
Heads up to entities doing business in California: your breach notification obligations are changing. Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been…
Vn: Major hospitals hit by cyberattacks, patient data sold on hacker forums
Over the years, DataBreaches has noted hospitals in APAC countries having data leaked or being hit with ransomware attacks, but I have not seen a lot of reviews. An article by Thai Khang in VietnamNet names mentions some of the bigger hospital breaches in Vietnam since 2024, and then continues: According to Thuy, in the…
California’s New Delete Request Tool Impacts Data Brokers and Residents
Going forward, this might help California residents reduce the chances of their personal information being caught up in some breaches. Hunton Andrews Kurth writes: On September 26, 2025, following a public comment period, the California Privacy Protection Agency (“CPPA”) adopted its regulations concerning the Delete Request and Opt-Out Platform (“DROP”). The DROP is a tool developed to…