Don Brinkerhoff reports: A group of high school juniors in Davis County are hacking the hackers to protect phishing victims. “All my friends and peers around me got hacked,” said Charles Mortensen a Davis County student. Mortensen said in one case, a friend who’s in foster care had her Instagram account hacked. That was the…
Snowflake data breach claims spark war of words over culpability; researchers may have been trolled
Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snowflake CISO Brad Jones pushed back on claims that major data breaches involving Ticketmaster and Santander were caused by a vulnerability or misconfiguration in Snowflake’s platform. […] Cyber crime intelligence…
HHS OCR: Covered entities affected by the Change Healthcare breach may delegate tasks of providing HIPAA breach notifications to Change Healthcare
May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…
Santander customers’ private data put up for sale for $2m by hackers
The Guardian reports: Hackers are attempting to sell confidential information including the bank and credit card numbers of millions of Santander customers to the highest bidder. ShinyHunters posted an advert on a hacker forum for the data, which it says also includes staff HR details, with an asking price of $2m (£1.6m). It is the…
WD & Associates had a breach in February 2023. Individuals still haven’t been notified.
From a summary of Rhode Island’s data breach notification law, as summarized by PerkinsCoie: Notification Obligation. Any Entity to which the statute applies shall provide notification of (i) any disclosure of PI or (ii) any breach of the security of the system, that poses a significant risk of identity theft to any resident of RI whose unencrypted PI…
‘Operation Endgame’ Hits Malware Delivery Platforms
Brian Krebs reports: Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced…