LATEST POST
Meta, Google, H&R Block accused of coordinated plan to scrape taxpayer data
Another day, another RICO class action? Courthouse News reports: Taxpayers slapped Meta, Google and H&R Block with a sprawling RICO class action Wednesday, claiming that a “shocking breach” coordinated by the companies resulted in scraping taxpayers’ private information for profit. In a 49-page complaint, the plaintiffs say the international firm H&R Block used customers’ private income […]
Colorado Attorney General announces settlement with Broomfield skilled nursing facility over 2021 data breach
Colorado Attorney General Phil Weiser announced a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC. The settlement arose from a 2021 data breach affecting patient and employee data. The state claimed that Broomfield violated a number of state laws that are specifically identified in the assurance of discontinuance (settlement). The following is the press […]
Is that blood drive message really from the American Red Cross? Be careful.
NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. … AtlasCross designed a decoy document titled “Blood Drive September 2023.docm” with the United States […]
FTC Warns Tax Prep Companies Against Invasive Online Tracking
Sharing private information could lead to penalties, agency says after Markup investigation By: Colin Lecher The Federal Trade Commission (FTC) has warned five tax preparation companies that they may face civil penalties for sharing confidential data from taxpayers through tracking pixels and other means. The move from federal regulators follows an investigation by The Markup […]
MOVEit fallout continues: National Student Clearinghouse discloses for 900 schools affected
The figures for the MOVEit data breach continue to rise to alarming heights. The Record reports: The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the U.S. had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool. The nonprofit manages educational reporting, data exchange, verification, […]
Ransomware Group Claims To Have ‘Compromised All Sony Systems,’ Sony investigating (Update 1)
Over the weekend, a new ransomware group called Ransomed.vc claimed it compromised Sony. The original listing, which has since been replaced, listed a date of September 28, suggesting that if there was no resolution or payment by then, data would be leaked or sold. In an updated listing with a date of September 26, they […]
MGM and Caesars have big cyberinsurance policies, but small businesses need cyberinsurance too
At least five class-action lawsuits were filed last week against the two Las Vegas entertainment giants following data breaches reportedly by the same group of threat actors. As Digital Insurance reports, Okta, an identity and access management company used by both firms, issued an advisory in August about hackers tricking IT service staff into resetting […]
Twin cyberattacks but different incident responses: Comparing MGM Resorts and Caesars
As an article in DarkReading highlights, it’s tempting to compare the incident responses by MGM Resorts and Caesars Entertainment to their recent cyberattacks because both are the same kind of entity and both were victims of the same threat actors (Scattered Spider/AlphV). But: Caesars quickly negotiated with the cyberattackers, and handed over a $15 million ransom payout, which […]