Brian Krebs reports: Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access…
D.C. Board of Elections revises its estimate of data breach — could be entire voter roll
The D.C. Board of Elections appears to have revised its estimate of how much data was accessible to a threat actor who listed it for sale on a dark web site. The listing had claimed to have 600k lines of voter registration records from the D.C. Board of Elections, but a preliminary statement by the…
Ragnar Locker ransomware gang taken down by international police swoop — Europol
The announcement from Europol we’ve been waiting for: This week, law enforcement and judicial authorities from eleven countries delivered a major blow to one of the most dangerous ransomware operations of recent years. This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous…
France frees the two biggest Spanish hackers
The following is from a machine translation of an article by Luis F. Duran that appeared at El Mundo on October 18: Last Thursday, French Justice released two Spanish hackers, aged 26 and 28, arrested last summer on charges of attacking 26 French companies from which they supposedly demanded million-dollar ransoms. After the investigation and the…
More lawsuits filed against Gaston College over data breach
Kara Fohner reports: Two more lawsuits filed against Gaston College allege that a data breach earlier this year exposed the personal information of more than 100,000 people. The lawsuits, filed by Ludenia Archie and Shaquasia Eppes, both former students, state that in the Feb. 21 cybersecurity incident, in which a hacker accessed sensitive files and…
HIPAA requires employers to sanction employees who violate HIPAA. Did you know that?
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers use to gain access to healthcare information systems and data.2 The threat brief recommended several protective measures to combat social engineering, one of…