A big monetary penalty was anticipated for SK Telecom after a massive data breach. Now we know how big. Muhammad Zulhusni reports: South Korea’s biggest mobile carrier has been hit with a record fine after a massive data breach exposed the personal details of nearly half the country’s people. The Personal Information Protection Commission (PIPC)…
Taiwanese associated with Chinese group behind cyberattacks arrested
Keoni Everington reports: Two alleged Taiwanese clients of a Chinese ransomware group behind attacks on the Mackay Memorial Hospital and other targets in Taiwan have been arrested and released on bail. According to a Ministry of Justice Investigation Bureau, between February and March, the group CrazyHunter used ransomware to attack hospitals, publicly listed companies, and…
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier
Alexander Martin reports: A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata,…
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
It looks like ShinyHunters and Scattered Spider have found yet another way to compromise Salesforce customers. Lawrence Abrams reports: Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. Salesloft’s SalesDrift is a third-party platform that connects…
DOGE accused of copying entire Social Security database to insecure cloud system
Jon Brodkin reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently…
OH: West Chester Township investigates second cyberattack this month
Brian Hamrick reports: West Chester Township is dealing with the fallout of a second cyber-attack this month. On Tuesday morning, cyber attackers the township calls a “malicious group” struck, targeting the email server. ”At approximately 6:45 a.m., we were notified of a potential cyber-attack and data breach,” said West Chester Township public information officer Brianna…