Byron Kaye reports: Corporate insurers routinely pay hackers a ransom for the return of stolen customer data, a top Australian government cybersecurity provider said on Tuesday (Oct 25), as the country’s biggest health insurer revealed the growing scale of a recent breach. The claim from Macquarie Telecom Group, which runs cybersecurity for 42 per cent…
Hive claims ransomware attack on Tata Power, begins leaking data
Ax Sharma reports: Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company based in Mumbai. Read more at Bleeping Computer.
Snatch adds — and then deletes — Wisconsin school district from leak site
Yesterday morning, DataBreaches observed that Snatch Team had added Kenosha Unified School District in Wisconsin to its leak site, but had not added any actual proof pack. In response to this site’s tweet, Dominic Alvieri responded that the district had disclosed a breach on September 29. Kenosha did not respond to an email this site…
FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers. Drizly and Rellas were alerted to security problems two years prior to the breach yet…
Medibank updates incident report; customer data also affected
Medibank has provided yet another update on the ransomware attack previously noted on this site: There has been a further development in Medibank’s cybercrime event, which is subject to a criminal investigation by the Australia Federal Police (AFP). It has become clear that the criminal has taken data that now includes Medibank customer data, in…
UK: ICO fines Interserve £4,400,000 for inadequate data security
Between 18 March 2019 and 1 December 2020 Interserve Limited (“Interserve”) failed to process personal data in a manner that ensured appropriate security of the personal data using appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 GDPR. This rendered Interserve vulnerable to a cyber-attack which took place in the period…