Collaborate Disseminate
In 2018, a criminal hacker known as “Lifelock” reached out to DataBreaches to share details about two healthcare entities that had not met his ransom demands. These entities were a dental practice in Menlo Park, California, and the Holland Eye Surgery … Continue reading Update: Robert A. Purbeck, aka “Lifelock, to plead guilty in Atlanta
Over the past few weeks, DataBreaches had occasionally checked a dark web leak site by an individual or group called “Mogilevich.” However, DataBreaches didn’t report on any of their claimed victims because the site and the claims see… Continue reading Fraudster’s fake data breach claims should remind media to be careful what we report
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
From the good folks at EPIC.org: On February 27, EPIC filed reply comments with the Federal Communications Commission supporting the FCC’s proposal to use funds from its E-Rate program to support strengthening cybersecurity at schools and libraries, as… Continue reading EPIC Emphasizes That FCC Pilot Program Protect Student Privacy, Not Just School Cybersecurity
Bill Toulas reports: A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. The sa… Continue reading Hackers target FCC, crypto firms in advanced Okta phishing attacks
Stacey Higginbotham and Daniel Wroclawski report: On a recent Thursday afternoon, a Consumer Reports journalist received an email containing a grainy image of herself waving at a doorbell camera she’d set up at her back door. If the message came from a… Continue reading These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway.
David DiMolfetta reports: A new White House directive that gives agencies the legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries is getting mixed reviews, with industry executives saying it could risk mu… Continue reading Biden’s new data security order leaves industry officials, privacy advocates scratching their heads
YLE News, STT report: Some patients from the Vastaamo psychotherapy centre had died by suicide after their patient records were stolen and used in extorition attempts, according to a lawyer representing victims. Legal arguments in the trial of Aleksant… Continue reading Vastaamo victims’ lawyer: Some took their own lives after patient record leak
TO THE CONGRESS OF THE UNITED STATES: Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report t… Continue reading Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing fro… Continue reading Fulton County, Security Experts Call LockBit’s Bluff