Vendor News - The Data Breach Times

March 16, 2025

976 views 2 mins 0

TRICARE Contractor Resolves $11M False Claims Act Liability for Known Cybersecurity Violations

Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]

Vendor News, Data Breach News

February 04, 2025

1054 views 29 secs 0

Deloitte providing $5M to cover expenses related to RI data breach — and that’s just part of what they’ll pay

There is another update to Rhode Island’s incident response to a cyberattack last year that involved their vendor, Deloitte. Data from the state’s portal called RIBridges was acquired and leaked by threat actors when their ransom demands were not paid. Now WPRI reports: An outside consulting group will provide Rhode Island with millions in funding […]

Vulnerabilities, Vendor News

January 24, 2025

249 views 4 secs 0

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]

Data Breach News, Vendor News

December 18, 2024

1262 views 19 secs 0

Hacker IntelBroker Leaked 2.9GB of Data Stolen From Cisco DevHub Instance

Cisco should have a bit of a professional red face or black eye this week after hackers leaked data acquired from them due, in part, to a mistake. Cybersecurity News reports: The notorious hacker IntelBroker has leaked 2.9GB of data allegedly stolen from Cisco’s DevHub environment. This partial leak, disclosed on December 16, 2024, is […]

Data Breach News, Legal News, News, Vendor News

December 16, 2024

1297 views 47 secs 0

Deloitte Sued Over Breach of Rhode Island Government Benefits Recipient Data

Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]

Commentaries and Analyses, Vendor News

December 03, 2024

1162 views 12 secs 0

Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk

Lawyers at JacksonLewis write: Last year, as reported on the Maine Attorney General’s Office website, Resort Data Processing (RDP) experienced a data breach affecting over 60,000 individuals caused by a “SQL injection vulnerability which allowed an unauthorized third party to redirect payment card information from in-process transactions on our RDP’s clients’ on-premises Internet Reservation Module (“IRM”) […]

Data Breach News, Vendor News

November 12, 2024

728 views 8 secs 0

Form I-9 Compliance updates its breach report once again; number affected keeps climbing

Employee eligibility verification solutions provider Form I-9 Compliance suffered a data breach on February 5, 2024. Its impact is way, waaaaay bigger than initially reported. Security Week reports: In late May, the company started informing customers that someone had gained unauthorized access to its network in early February. The intrusion was detected on April 12 […]

Data Breach News, News, Vendor News

November 12, 2024

1052 views 47 secs 0

Amazon confirms employee data compromised amid 2023 MOVEit breach; dozens of other companies also affected

The MOVEit breach was one of the biggest breaches of 2023. Cl0p threat actors exploited vulnerabilities in the file transfer software and exfiltrated massive amounts of data from entities in all sectors. Now data from Amazon and almost three dozen other MOVEit victim entities is being leaked on BreachForums by a forum user calling themself […]

News, Vendor News

October 29, 2024

1157 views 22 secs 0

Right back atcha: CrowdStrike sues Delta Air Lines

Days after Delta Air Lines sued cybersecurity vendor CrowdStrike for $500 million in losses that it attributes to the vendor’s outage, CrowdStrike countersued its customer. CyberDaily reports CrowdStrike’s statement, previously reported by The Times of India, but adds CrowdStrike’s counterclaim that Delta delayed its own recovery by refusing assistance from it and its partner, Microsoft: […]

Vendor News, News

October 28, 2024

1071 views 53 secs 0

Delta sues CrowdStrike over “catastrophic” software update that prompted mass flight disruptions

The Times of India reports that Delta Air Line sued CrowdStrike over the firm’s faulty software update in July that resulted in widespread outages for CrowdStrike customers. Delta had to cancel 7,000 flights for 1.3 million customers and suffered $500 million in losses. CrowdStrike responded to the lawsuit, which was filed in Georgia state court […]