In May 2022, DataBreaches reported that ambulance billing service Comstar LLC in Massachusetts was notifying an undisclosed number of people following a data security breach of their system detected on March 26, 2022. On May 26, 2022, they also notified HHS of the incident, reporting that 68,957 patients were affected. Today, HHS OCR announced that…
Australian ransomware victims now must tell the government if they pay up
Alexander Martin reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller…
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Brian Krebs reports: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals…
Victoria’s Secret takes down website after security incident
Sergiu Gatlan reported yesterday: Fashion giant Victoria’s Secret has taken down its website and some store services because of an ongoing security incident. Victoria’s Secret manages approximately 1,380 retail stores in nearly 70 countries and reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025. The company says in a…
U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
Yet another reminder of the insider threat: a press release from the Department of Justice. Ironically, this insider worked for the Insider Threat Division of the Defense Intelligence Agency. An IT specialist employed by the Defense Intelligence Agency (DIA) was arrested today for attempting to transmit national defense information to an officer or agent of…
St. Cloud Provides Update on Ransomware Attack in 2024
A notice on St. Cloud, Florida’s website: May 29, 2025 – The City of St. Cloud, Florida (the “City”) is issuing updated notice of an event that may impact the security of information related to certain individuals. This notice supplements the notice previously posted on or website on or about May 24, 2024. What Happened? On or…