The Hill reports: Members of Elon Musk’s Department of Government Efficiency (DOGE) improperly shared Social Security data through a third-party server, according to a recent court filing from the Justice Department. The DOGE team embedded at the Social Security Administration (SSA) used Cloudflare, which was not approved for storing agency data, to share data during a 10-day period in March, the […]
The Minnesota Department of Human Services’ vendor breach was not the only recent breach disclosed that affected more than 300,000 people. Monroe University in New York also disclosed a breach involving a lot of sensitive information. From their January 13 notification letter: We are posting this notice to inform our community of a data security […]
The Minnesota Star Tribune reports: A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people. There is not evidence the data was misused, the department said in a Jan. 16 letter notifying impacted individuals. The letter was sent about four months after the breach […]
What caused a massive Verizon outage yesterday? The firm still hasn’t said. The Gothamist reports: Verizon service is back for affected customers in the New York area after a widespread outage disrupted cellphones across the country for much of Wednesday, the company said. Affected customers will receive account credits, according to Verizon, which said details […]
RawStory reports: A Department of Homeland Security whistleblower has released the identities of about 4,500 ICE and Border Patrol employees Tuesday in what has been called potentially the largest agency data breach for the department. The killing of 37-year-old mother Renee Nicole Good by ICE agent Jonathan Ross last week in Minneapolis has prompted the leak of personnel date […]
As seen on HackRead: Resecurity, which shared its research with Hackread.com, found that the leaked file contains information on 323,986 users, including their “metadata extracted from MySQL DB,” which is basically a digital footprint that could help identify the people behind the screens. The database was published on shinyhunte.rs, a site that has previously hosted stolen […]
The Register reports: Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information. Last Friday, security software vendor Malwarebytes claimed “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, […]
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. The result was thousands of phishing messages that looked and felt like […]
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. […]
KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this week from the US Department of Justice, Ryan Goldberg, 40, and Kevin Martin, 36, pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin. Here’s the […]
