Elise Takahama reports a settlement in a lawsuit stemming from a ransomware attack on Fred Hutchinson Cancer Center in Seattle by the Hunters International gang: Fred Hutchinson Cancer Center has agreed to pay about $11.5 million to patients after a 2023 cyberattack put their personal data at risk. Hackers targeted parts of Fred Hutch’s clinical…
Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
In May 2022, DataBreaches reported that ambulance billing service Comstar LLC in Massachusetts was notifying an undisclosed number of people following a data security breach of their system detected on March 26, 2022. On May 26, 2022, they also notified HHS of the incident, reporting that 68,957 patients were affected. Today, HHS OCR announced that…
Australian ransomware victims now must tell the government if they pay up
Alexander Martin reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller…
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Brian Krebs reports: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals…
Victoria’s Secret takes down website after security incident
Sergiu Gatlan reported yesterday: Fashion giant Victoria’s Secret has taken down its website and some store services because of an ongoing security incident. Victoria’s Secret manages approximately 1,380 retail stores in nearly 70 countries and reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025. The company says in a…
U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
Yet another reminder of the insider threat: a press release from the Department of Justice. Ironically, this insider worked for the Insider Threat Division of the Defense Intelligence Agency. An IT specialist employed by the Defense Intelligence Agency (DIA) was arrested today for attempting to transmit national defense information to an officer or agent of…