Samantha Hernandez reports: Des Moines Public Schools has canceled all classes for Tuesday after officials took the district’s internet and network offline Monday morning following what they described as “unusual activity” that was later determined to be an apparent cybersecurity attack. The district issued an announcement Monday afternoon saying offices will be open but staff may be…
UK: Oxford University dating website for staff and students shut down after ‘huge data breach’
Anvee Bhutani and Emma Yeomans report: A dating website for Oxford University students has been accused of breaching student and staff privacy after revealing the name of everyone with a university email address. “OxShag”, set up anonymously by a group of students, promised to help “overworked and undersexed” students find “bookworms with benefits, coursemates keeping…
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were…
Oregon workers’ compensation claimants and policyholders may have had their personal information hacked
Mike Rogoway reports that Oregon’s worker’s compensation insurer, SAIF Corp., experienced a breach in October that potentially compromised policyholders’ information and workers’ compensation claimants’ personal and medical information. On their breach-related site maintained for them by IDX, SAIF explains that on October 24, there was a brief period during which an unauthorized individual or individuals…
What Twitter’s 200 million email leak really means
Lily Hay Newman reports: After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network…
Slack’s private GitHub code repositories stolen over holidays
Ax Sharma reports: Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. … The incident involves threat actors gaining access to Slack’s externally hosted GitHub repositories via a “limited” number of Slack employee tokens that were stolen. While some of Slack’s private code repositories were breached, Slack’s primary codebase and…