The tally of individuals whose health data was compromised in a hack on MOVEit file transfer software used by Welltok, a provider of online wellness resources to dozens of health plans, has soared to nearly 8.5 million. The hack is among the biggest health data breaches reported so far this year.
Global Tel*Link, a major telecommunications provider for state and federal prison systems, will be required to notify the FTC and consumers of future security incidents after a sweeping data breach left hundreds of thousands of its users vulnerable to identity theft and other privacy concerns.
This week, mortgage lender Mr. Cooper recovered from a cyberattack, ChatGPT struggled with distributed denial-of-service attacks, a cybercrime group’s business model was exposed, hackers stole data of loyalty club members of Marina Bay Sands in Singapore, and more.
A major healthcare provider in Chicago that targets underserved populations is notifying 1.2 million patients that their information was compromised in a data theft incident at a medical transcription vendor. The county said it is among "many" entities affected.
This week, Canada banned WeChat and Kaspersky apps, REvil members faced trial in a Russian military court, the British Library experienced an IT outage, Iranian state-backed hackers targeted Middle East governments, and European officials extended the ban on Meta's behavioral advertising practices.
Once ransomware hackers get inside a healthcare sector organization's systems, 3 in 4 attackers will also maliciously encrypt data, says security firm Sophos. Attackers successfully encrypted data in 75% of ransomware attacks on healthcare sector entities, researchers report.
This week: espionage group exploits a zero-day in Roundcube Webmail, Cloudflare records a surge in HTTP DDoS attacks, ZScaler detects a spike in IoT hacks, the International Criminal Court says its cyber incident was espionage, and the Kansas court system is still offline.
Widely used password management software provider 1Password said a hacker had breached one of its systems but failed to steal any sensitive data, after stealing a valid session cookie from the customer support system of its access and identity management provider, Okta.
A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's customers. San Francisco-based Okta said the threat actor could view files uploaded by certain customers as part of recent support cases.
The Kansas Supreme Court said it is probing a "security incident" that has disrupted access to IT systems also used by the state's Court of Appeals and every District Court but one, leaving them unable to accept electronic filing of documents or process some cases.
A British financial regulator fined American credit reporting agency Equifax 11 million pounds ($13.4 million) for its role in one of the world's largest data breaches. Chinese military hackers in 2017 exploited a well-known vulnerability in the company's online dispute portal.
This week: Google began phasing out passwords, Microsoft to bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S. voter registration data stolen from the District of Columbia, and Volex reports a hack attack.
Hotel and casino giant MGM Resorts says the recent hack attack against it cost $110 million in lost revenue and mitigation expenses. The publicly traded company expects to recoup losses and costs to date via cyber insurance. MGM Resorts says that its investigation remains ongoing.
Fundraising software powerhouse Blackbaud will pay $49.5 million to settle a multistate investigation into the company's data security practices and its response to a 2020 ransomware attack. The firm must also enhance its security and not misrepresent its data security practices.
Trick question for CSOs: When does a security incident qualify as being a data breach? The answer is that it's "a very complicated question" best left to the legal team, said former Uber CSO Joe Sullivan, sharing lessons learned from the U.S. Department of Justice's case against him.