Associated Press reports: The Justice Department is preparing criminal charges in connection with an Iranian hack that targeted Donald Trump’s presidential campaign in a bid to shape the outcome of the November election, two people familiar with the matter said Thursday. It was not immediately clear when the charges might be announced or whom precisely…
Wow: Boar’s Head provides a master class in incident response and transparency
How often have you seen DataBreaches heap praise on an entity for its incident response or transparency? Not too often, right? But DataBreaches is super-impressed by how Boar’s Head has responded to a food safety incident. No, this wasn’t any data security breach or privacy data breach, but it was an incident that had harmed…
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
Jonathan Greig reports: The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks. The technology company updated an advisory on Friday warning that a “limited number of customers” were breached through the exploitation of CVE-2024-8190. The bug was announced…
Turkish Data Leak Scandal: Statements by Minister Uraloğlu and Journalist Haskoloğlu
There’s an update to another distressing “shoot-the-messenger” story where a journalist was arrested for simply reporting on a breach that the government denied (previous background). Now Railly News reports: The incident was first brought to the agenda by journalist İbrahim Haskoloğlu in 2022. Haskoloğlu was subsequently arrested after reporting that citizens’ personal data had been…
Atrium apologizes after employees fall for phishing attack; patient info may have been exposed
Chase Jordan reports: Atrium Health is apologizing publicly and notifying patients who may have been impacted by a malicious email sent to employees in April, the company announced Friday. Social Security numbers may have been among the personal information exposed to the criminals, Atrium said. An unauthorized third party gained access to a group of…
23andMe settles data breach lawsuit for $30 million
Jonathan Stempel reports: 23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year. The accord also resolves accusations that 23andMe did not tell…