LATEST POST
RIBridges’ firewall worked, but hundreds of alerts went unnoticed or ignored.
Footnotes in CrowdStrike’s forensics report offer troubling details of Deloitte’s handling of incident logs. Rhode Island Current reports that the attack on RIBridges triggered hundreds of firewall alerts during the five months that attackers were in the network and were transferring gigabytes of data. But the state’s vendor, Deloitte, did not know the system had […]
Cyber criminals bribed rogue overseas support agents to steal Coinbase customer data
Coinbase says they are protecting their customers and standing up to the extortionists. Tl;dr: Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of […]
Ascension discloses multiple third-party data breaches
Over the course of the last year, Ascension Health has been affected by several third-party data breaches impacting its patients across multiple states. TechTarget reports: Ascension Health, a Missouri-based Catholic health system, has disclosed several third-party data breaches in 2025, impacting patients across its network of hospitals and care facilities. While Ascension posted notices for […]
No, Your Steam Account Didn’t Just Get Hacked
How-to Geek reports, “There have been rumors about a large-scale data breach impacting nearly 90 million Steam accounts. However, the original source was debunked, so you probably don’t have anything to worry about.” But if you want to err on the side of caution, it wouldn’t hurt to change your password for Steam and anywhere […]
New York Tightens the Breach Clock: 30 Days to Notify
As seen at Corporate Compliance Insights: Organizations handling New Yorkers’ data now face one of the country’s shortest breach notification deadlines. Morrison Foerster attorneys Melissa Crespo and Reiley Porter break down the state’s recent amendments that impose a 30-day notification requirement and expand protected information categories to include medical and health insurance data. Recent amendments […]
Moldova arrests suspect linked to DoppelPaymer ransomware attacks
Bleeping Computer reports that an unnamed 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021 has been arrested by Moldovan police. Police officers searched the suspect’s home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. […]
Department of Justice says data breach exposed information on diocesan sex abuse survivors
CNA reports that the U.S. Department of Justice (DOJ) states that recent data breach of a California consulting firm exposed data of Catholic clergy abuse survivors in nearly a dozen bankruptcy lawsuits. In a May 6 letter, which is embedded below and originally appeared on Catholic News Agency, the DOJ informs a law firm about […]
Google warns against Russia-based hacking group using new malware to steal data
The Times of India reports: Google’s Threat Intelligence Group (GTIG) has issued a warning about a Russia-based hacking group, known as COLDRIVER. The Alphabet-owned company claims that this hacking group is using a newly identified malware called LOSTKEYS to steal data. The tech giant claims that this malware, which was tracked in multiple attacks this […]