How often have you seen DataBreaches heap praise on an entity for its incident response or transparency? Not too often, right? But DataBreaches is super-impressed by how Boar’s Head has responded to a food safety incident. No, this wasn’t any data security breach or privacy data breach, but it was an incident that had harmed…
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
Jonathan Greig reports: The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks. The technology company updated an advisory on Friday warning that a “limited number of customers” were breached through the exploitation of CVE-2024-8190. The bug was announced…
Turkish Data Leak Scandal: Statements by Minister Uraloğlu and Journalist Haskoloğlu
There’s an update to another distressing “shoot-the-messenger” story where a journalist was arrested for simply reporting on a breach that the government denied (previous background). Now Railly News reports: The incident was first brought to the agenda by journalist İbrahim Haskoloğlu in 2022. Haskoloğlu was subsequently arrested after reporting that citizens’ personal data had been…
Atrium apologizes after employees fall for phishing attack; patient info may have been exposed
Chase Jordan reports: Atrium Health is apologizing publicly and notifying patients who may have been impacted by a malicious email sent to employees in April, the company announced Friday. Social Security numbers may have been among the personal information exposed to the criminals, Atrium said. An unauthorized third party gained access to a group of…
23andMe settles data breach lawsuit for $30 million
Jonathan Stempel reports: 23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year. The accord also resolves accusations that 23andMe did not tell…
The Dark Nexus Between Harm Groups and ‘The Com’
Brian Krebs reports: A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that…