Matt Kapko reports: A ransomware attack against San Francisco’s Bay Area Rapid Transit exposed highly sensitive and personal data after a threat group leaked the records Friday. The nation’s fifth-largest transit system by ridership, and largest in California, remains operational. Vice Society, a prolific ransomware group, claimed responsibility for the attack on Friday when it…
Guardian confirms it was hit by ransomware attack
Dan Milmo reports: The Guardian has confirmed it was hit by a ransomware attack in December and that the personal data of UK staff members has been accessed in the incident. The Guardian Media Group’s chief executive, Anna Bateson, and the Guardian’s editor-in-chief, Katharine Viner, confirmed the news in an update emailed to staff on…
Update about an alleged incident regarding Twitter user data being sold online
From Twitter, today: … In response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems. We also want to share an update about an incident that took place earlier this year,…
TX: West Oaks Eyecare discloses malware incident
On November 7, West Oaks Eyecare in Texas discovered one of their computer systems had been encrypted by malware. Their investigation into the incident indicated that the threat actor(s) may have accessed patient billing information: We thoroughly reviewed the files involved to determine what information they contained. Based on our review, we identified files that…
NYS DFS Announces $100 Million Settlement with Coinbase; Investigation Found Significant Failings in their Compliance Program
DFS Investigation Found Wide-Ranging and Long-Standing Failures in Coinbase, Inc.’s Anti-Money Laundering Program, Including with Regard to its Know Your Customer/Customer Due Diligence, Transaction Monitoring, and Suspicious Activity Reporting Systems, Among Others. Settlement Requires Coinbase to Pay $50 Million Penalty and to Invest an Additional $50 Million in its Compliance Program. From the NYS Department…
A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes
Zack Whittaker reports: A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight…