LATEST POST
Aflac notifies SEC of breach suspected to be work of Scattered Spider
DataBreaches.net reports that Aflac has notified the Securities & Exchange Commission (SEC) of a data security incident. The incident did not involve ransomware, and appears to have the same characteristics as breaches at two other U.S. insurers this month: Erie Insurance and Philadelphi Insurance Companies. The group known as Scattered Spider is suspected of being […]
No, the 16 billion credentials leak is not a new data breach (1)
Bleeping Computer responds to headlines from another site: News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. To be clear, this is not a […]
Belk hit with pair of lawsuits over data breach and notification failure
The Charlotte Observer reports: Two lawsuits were filed this week in federal court against Belk for a data breach and then for allegedly concealing the cyberattack. In both cases, the plaintiffs are also seeking certification for class-action suits. Belk failed to protect sensitive personal current and former employee and customer information, according to the lawsuits, […]
Have they no shame? Heartless gang targeted Krispy Kreme donuts (1)
SecurityWeek reports that heartless criminals targeted Krispy Kreme donuts last year: Donut and coffee retail chain Krispy Kreme has confirmed that the ransomware attack that came to light in late 2024 resulted in a data breach. Krispy Kreme revealed being hit by a cyberattack on December 11, saying that the incident had led to operational disruptions. Roughly […]
UBS data leak: UBS reports data breach after cyber attack on provider, client data unaffected
Reuters reports: Swiss bank UBS on Wednesday said it had suffered a data leak due to a cyber attack against one of its providers, but that no client data was affected. Swiss newspaper Le Temps said that files containing details of tens of thousands of UBS employees had been stolen from business service company Chain […]
Cyprus Airways warns of potential passenger data breach following phishing attack
PhileNews reports: Cyprus Airways has warned customers of a potential personal data breach following a phishing attack that gave unauthorised access to passenger information. The airline said in an email to customers that an unauthorised external party recently gained access to a passenger file through credential phishing, though there was no breach of the company’s servers or electronic […]
First M&S – now insurers are Scattered Spider’s target
Insurance Business Magazine reports: British insurers are bracing for an escalating wave of cyberattacks after one of the world’s most notorious hacking groups, Scattered Spider, has pivoted from raiding retailers to targeting insurance and financial services companies on both sides of the Atlantic. Google’s Threat Intelligence Group has issued a fresh warning, saying it had […]
State Data Breach Notification Laws – June 2025
Foley & Lardner has updated a resource on state laws. From their website: