The Register reports: The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info. The nonprofit, which represents more than 178,000 education professionals in the US state of Pennsylvania, confirmed data was stolen during a July 6 attack. […]
Data Breach Today reports that Australia’s financial regulator has filed a lawsuit against FIIG Securities over cybersecurity failures that enabled a threat actor to steal confidential personal information of 18,000 customers: The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after observing the company’s “systemic and prolonged cybersecurity failures” […]
In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 […]
DevOps reports: A popular GitHub Action used in more than 23,000 code repositories has been compromised in a supply chain attack by attackers who introduced a malicious commit aimed at leaking secrets like passwords held in public repositories. In the compromise, which is being tracked as CVE-2025-30066, bad actors modified the code in GitHub Actions tj-actions/changed-files […]
KOAA in Colorado reports: The personal information of over 1,000 veterans in Colorado may be at risk after a data leak. The Veterans Affairs Eastern Colorado Health Care System accidentally sent an email containing personal details about veterans to 75 recipients. The email, which was sent in January, included a spreadsheet with veterans’ full names, the last […]
About Lawsuits reports that all the state and federal lawsuits against Change Healthcare should be coordinated: The U.S. District Judge appointed to preside over all Change Healthcare data breach lawsuits brought throughout the federal court system has issued an order, outlining a plan to coordinate the pretrial proceedings in the federal multidistrict litigation (MDL) with claims pending […]
SecurityWeek reports that Dragos has published an interesting case study about an attack by the Chinese threat actors known as Volt Typhoon on the electric grid. The target was Littleton Electric Light and Water Departments (LELWD), a small public power utility in Massachusetts that serves Littleton and Boxborough. The utility had been in the process […]
From CISA.gov, a #StopRansomware advisory: Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant […]
The following is a press release issued yesterday by NY Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today filed a lawsuit against several insurance companies doing business as National General and Allstate Insurance Company (Allstate) for failing to protect New Yorkers’ personal information from cyberattacks. In 2020 and 2021, National General […]
Since the Hamas attack in October 2023, more and more Israelis have armed themselves with guns. Now the Sri Lanka Guardian reports that Israeli gun owners are in a state of heightened alert, fearing for their safety due to a breach and leak of their personal information and details: In a severe cybersecurity breach with […]
