In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 […]
Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]
There is another update to Rhode Island’s incident response to a cyberattack last year that involved their vendor, Deloitte. Data from the state’s portal called RIBridges was acquired and leaked by threat actors when their ransom demands were not paid. Now WPRI reports: An outside consulting group will provide Rhode Island with millions in funding […]
Another day, another critical patch. The Register reports: Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices. Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform. […]
Cisco should have a bit of a professional red face or black eye this week after hackers leaked data acquired from them due, in part, to a mistake. Cybersecurity News reports: The notorious hacker IntelBroker has leaked 2.9GB of data allegedly stolen from Cisco’s DevHub environment. This partial leak, disclosed on December 16, 2024, is […]
Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]
Employee eligibility verification solutions provider Form I-9 Compliance suffered a data breach on February 5, 2024. Its impact is way, waaaaay bigger than initially reported. Security Week reports: In late May, the company started informing customers that someone had gained unauthorized access to its network in early February. The intrusion was detected on April 12 […]
The MOVEit breach was one of the biggest breaches of 2023. Cl0p threat actors exploited vulnerabilities in the file transfer software and exfiltrated massive amounts of data from entities in all sectors. Now data from Amazon and almost three dozen other MOVEit victim entities is being leaked on BreachForums by a forum user calling themself […]
Days after Delta Air Lines sued cybersecurity vendor CrowdStrike for $500 million in losses that it attributes to the vendor’s outage, CrowdStrike countersued its customer. CyberDaily reports CrowdStrike’s statement, previously reported by The Times of India, but adds CrowdStrike’s counterclaim that Delta delayed its own recovery by refusing assistance from it and its partner, Microsoft: […]
Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk
Lawyers at JacksonLewis write: Last year, as reported on the Maine Attorney General’s Office website, Resort Data Processing (RDP) experienced a data breach affecting over 60,000 individuals caused by a “SQL injection vulnerability which allowed an unauthorized third party to redirect payment card information from in-process transactions on our RDP’s clients’ on-premises Internet Reservation Module (“IRM”) […]