Irish Data Protection Commission fines Meta €251 Million
A press release from the DPC explains the penalty:
SEC Charges Flagstar for Misleading Investors About Cyber Breach
ADMINISTRATIVE PROCEEDINGFile No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading statements […]
Deloitte Sued Over Breach of Rhode Island Government Benefits Recipient Data
Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]
Clop ransomware claims responsibility for Cleo data theft attacks
There is an update to the reports of a Cleo file transfer vulnerability being exploited by hackers. Bleeping Computer reports that the same actors who were responsible for the massive MoveIT breach have also claimed responsibility for the Cleo breach: The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo […]
Multiple Cleo file transfer products being exploited by hackers; patch isn’t sufficient
Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time it is Cleo file transfer products. The Record reports: Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. The vulnerability — CVE-2024-50623 — was […]
US sanctions Chinese firm for hacking firewalls in ransomware attacks; $10 million reward for information
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]
HealthAlliance of Hudson Valley Pays $550,000 to NYS; Failed to Address a Known Cybersecurity Vulnerability
New York State Attorney General Letitia James announced another data security enforcement settlement yesterday. HIPAA Journal writes: A New York healthcare provider that experienced a breach of the personal and protected health information of 242,641 New Yorkers has been ordered to pay a financial penalty of $550,000 and take steps to strengthen its data security […]
Chinese hack of global telecom providers is ‘ongoing,’ officials urge people to use encrypted apps to communicate
The U.S. may not have totally kicked China-affiliated Salt Typhoon out of U.S. telecommunication systems, a new publication by CISA explains. Politico reports that CISA and the FBI are advising people to use encrypted communications: Jeff Greene, [executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency], strongly urged Americans to “use your […]
Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
More late woes from the massive 2023 MoveIT databreach. The Register reports that more companies are now seeing their data leaked online on a popular hacking forum: Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]