Jeffrey Burt reports: The ever-widening series of supply chain attacks on Salesforce instances linked to Salesloft’ Drift app has claimed a number of new victims in recent days, including Cloudflare, Palto Alto Networks, and Zscaler. Cybersecurity firms SpyCloud and PagerDuty also said they were hit by the UNC6395 threat group that exploited a vulnerability in…
Texas sues PowerSchool over breach compromising info of over 880,000 students, teachers
Ninfa Saavedra reports: Texas Attorney General Ken Paxton has filed a lawsuit against PowerSchool, a California-based provider of cloud-based services for K-12 schools, after an unprecedented data breach exposed the sensitive personal identifying information and protected health information of more than 880,000 Texas school-aged children and teachers, including Houston ISD schools. According to Paxton, PowerSchool’s…
Jaguar Land Rover production impacted by cyberattack; Scattered Spider/ShinyHunters claims responsibility
Chris Vallance and Theo Leggett of the BBC report: A cyber-attack has “severely disrupted” Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants. The company, which is owned by India’s Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations….
District of Arizona Clarifies Causes of Action Available for Breach of Health Data
Nick Palmieri of Baker Botts writes: Healthcare providers wrestling with the legal fallout of cyber-attacks just received a fresh reminder from the District of Arizona: traditional tort and contract theories remain difficult to sustain after a breach, but consumer-fraud statutes can keep a case alive. In Johnson v. Yuma Regional Medical Center, fourteen patients sued the…
Hackers Threaten to Submit Artists’ Data to AI Models If Art Site Doesn’t Pay Up
Matthew Gault reports: An old school ransomware attack has a new twist: threatening to feed data to AI companies so it’ll be added to LLM datasets. Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock. “We have breached the…
Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial
Matt Kapko reports: Ianis Aleksandrovich Antropenko exemplifies the profile of a modern cybercriminal, yet, unlike many others who have faced strict prosecution for similar offenses, the Justice Department has granted him liberties rarely extended to such suspects. The 36-year-old Russian national was arrested almost a year ago in California for his alleged involvement in multiple…