Ashden Fein, Caleb Skeath, Micaela McMurrough, Emily Pehrsson, and Sierra Stubbs of Covington and Burling write: Oklahoma recently enacted Senate Bill 626, which substantially amends the state’s data breach notification law to broaden the scope of notification obligations and add a new regulator notification requirement along with a new “safe harbor”-style provision that provides liability protections if certain…
Hackers leak purported Aeroflot data as Russia denies breach
“Information… has not been confirmed.” — Victim “Hold my beer.” — Hacker Daryna Antoniuk reports: Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights, as Moscow denies any data breach occurred. Russia’s internet watchdog Roskomnadzor said there was no confirmation that data had been leaked from…
Palo Alto Networks investigating ransomware threat related to SharePoint exploitation
David Jones reports: Researchers from Palo Alto Networks say they are investigating a ransomware attack related to the recently disclosed ToolShell vulnerabilities in Microsoft SharePoint. The hackers left the victim a ransom note on Sunday claiming they had encrypted files using the 4L4MD4R ransomware. The note warned that any attempt to decrypt the files would result in their…
Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
On January 20, 2025 Mt. Baker Imaging and Northwest Radiologists in Washington State (collectively, “Northwest Radiologists”) experienced a network intrusion that they discovered on January 25. Although media reported on the incident on January 27, it was not until March 26 that Northwest Radiologists posted a notice on its website (archived). DataBreaches could find no…
As ransomware gangs threaten physical harm, ‘I am afraid of what’s next,’ ex-negotiator says
Jessica Lyons reports: Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands. According to a survey of 1,500 security and IT professionals conducted by Censuswide on behalf of security firm Semperis, digital intruders are still holding more traditional threats of system lockouts (52…
Dermatology Clinics Affected by Practice Management Company Data Breach
Steve Alder writes: Several dermatology practices have recently announced data breaches following an attack on their management company. The number of attacks reported this year by dermatology practices suggests they are being targeted by one or more threat actors. In May 2025, DermCare Management, a Florida-based company that provides support services for dermatologists and dermatology…