Christopher Brown reports: Flagstar Bank NA agreed to pay $31.5 million to settle allegations it failed to protect the personal information of nearly 2.2 million people in data breaches linked to Accellion Inc.’s file-transfer software. Class members would be eligible for up to $25,000 in documented monetary losses, three years of credit monitoring services, and…
The Identity Theft Resource Center Remains Open to Victims Amid Government Shutdown
The ITRC provides free assistance for victims of identity theft, fraud or scams Oct. 1, 2025 — The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. The ITRC, a trusted nonprofit partner of the Federal Trade Commission and the Internal…
Clop extortion emails claim theft of Oracle E-Business Suite data
Lawrence Abrams reports: Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on…
Legal Practice Board of Western Australia begins notifying data breach victims
David Hollingworth reports: The Legal Practice Board of Western Australia (LPBWA) has said it has begun notifying individuals whose data was compromised following a cyber attack performed by the Dire Wolf ransomware gang in May. “Following a comprehensive investigation, the Legal Practice Board of Western Australia (the board) has commenced notifying individuals whose data was…
When it rains, it pours? Kido had a second incident to address
DataBreaches did not mention this publicly sooner because Kido was already under great pressure due to the breach involving children’s personal information and photos. But now that many people are feeling some relief that the hackers have supposedly deleted all the data and won’t be calling parents any more, DataBreaches can reveal that on Monday,…
Hackers say they have deleted children’s pictures and data after nursery attack backlash
Joe Tidy reports: Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools…