LATEST POST
Hackers Asked Meta AI to Change the Passwords of High-Profile Instagram Accounts. It Did.
404 Media reports: Hackers say that they used Meta’s AI support chatbot to break into a host of high-profile Instagram profiles by asking the support bot to change the email address associated with the target account. The claims coincide with a series of high-profile Instagram account takeovers, including the Barack Obama White House account, the Chief Master […]
Proposed State Laws For Breach Notification Could Increase Incident Response Costs
Two proposed state laws could impact incident response and costs: New Jersey Assembly Bill 1852 and New York Senate Bill 3078. As the National Law Review reports: New Jersey’s proposed bill narrows permissible notice methods to written notice or electronic notice. It removes the existing substitute-notice pathway that many companies rely on when notice costs are […]
California AG’s lawsuit claims 23andMe hack exposed 855,000 Californians’ genetic data
KRCR reports: California Attorney General Rob Bonta announced a lawsuit Thursday against genetic testing company 23andMe, now known as Chrome Holding Company, accusing the company of failing to protect millions of users’ sensitive genetic information during a massive 2023 data breach. According to the lawsuit, the breach exposed the personal information of nearly 7 million users […]
Fake ChatGPT download site infects Windows and Mac users with malware
Malwarebytes reports: A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew[.]app, closely mimics OpenAI’s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users […]
Carnival Corporation Notice of Data Breach
A press release from Carnival Corporation: Read more of the press release. Carnival has already been sued over the incident.
Silent Ransom Group is sending fake IT support people to your workplace to steal your data
You’ve trained your employees well to avoid falling for phishing or social engineering attempts. Have you trained them on what to do when someone shows up who appears to be from your firm’s IT support? The Record reports: A cyber extortion group linked to the now-defunct Conti ransomware syndicate is increasingly targeting U.S. law firms […]
Help at Home must face core negligence claims over patient data breach
Martin A. Steinberg, J.D. discusses a case in the Northern District of Illinois: The provider must face negligence and implied-contract claims after patients alleged a vendor breach exposed sensitive health and personal data. Two patients brought a putative class action against HAH Group Holding, LLC d/b/a Help at Home, after a March 2024 vendor data […]
How sweet it is: Krispy Kreme settles 2024 data breach suit for $1.6 million
Consumer Affairs reports: Krispy Kreme customers affected by a 2024 data breach may now be eligible for compensation under a proposed class-action settlement. The doughnut chain has agreed to a $1.6 million settlement to resolve claims stemming from a cybersecurity incident disclosed in November 2024. The breach allegedly exposed personal information, including names, dates of […]