Genetic testing company 23AndMe confirmed that it suffered a data breach in what appears to be a targeted attack on Jews & Chinese people. Hackers have put up for sale 1 million data points about Ashkenazi Jews, plus hundreds of thousands of Chinese users.
The #23AndMe data breach is way bigger than originally let on. 7 million customer records were compromised.
The company just sent out an innocuous-sounding email about changes in their Terms of Service.
If you do not respond rejecting the change, you will give up the ability to be part of any class action lawsuits that are being filed, or take action in court against them.
They sent this out before they are notifying those whose data were breached.
DEVELOPING: A threat actor has listed patient data from HCA Healthcare for sale on a hacking forum. The seller claims to have 14 GB of data from 27,700,000 rows of data from 2020-2023.
HCA Healthcare allegedly has until July 10 to meet the demands (which were not disclosed publicly).
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
The security breach exposed the agent's support ticket queue, which contained user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets. #databreach @serghei @BleepinComputer
RiteAid was just one of many victims of the #MOVEit #databreach by #Clop. Now they're being sued by plaintiffs who call them "reckless" and "negligent" for not having encrypted the protected health information.
Imagine if every covered entity or business associate who didn't encrypt #PHI got hacked was sued over a vendor breach.
In this day and age where healthcare entities are under siege, is it somewhat reckless or negligent not to encrypt? And if not, will it ever be generally considered reckless and negligent?
According to reporting by The Register, Richard Addiscott, a senior director analyst at Gartner, mentioned these stats in a talk this past week at a conference:
-- Just four percent of ransomware victims recover all their data
-- Only 61 percent recover data at all.
-- Victims typically experience 25 days of disruption to their businesses.
It's not clear to me if that is 61% of victims who pay or 61% of all ransomware victims, but reading the stats in context of the article, I'm thinking that means of those who pay. See what you think.
News about significant data breaches appears to break on a daily basis now. Yet some (business) people still give me strange looks when I tell them that the best way to protect data is to not have it stored. 🙄 You can’t lose what you don’t have. It’s that simple. 🤷♂️
— #privacy #DataProtection #GDPR #InfoSec #InformationSecurity #DataBreach #DataBreaches
"Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation's largest cyber incident on record, according to a new report.
SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that attackers gained access to the systems of 22 companies overseeing various components of Danish energy infrastructure in May. The report published Sunday says hackers exploited zero-day vulnerabilities in Zyxel firewalls, which many Danish critical infrastructure operators use to protect their networks."
23andMe: The initial #dataBreach was limited, with the threat actor releasing 1 million lines of data for Ashkenazi people. However, on October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased.
Identity services provider #Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system.
It seems that Alphv (BlackCat) has re-encrypted Henry Schein, Inc. again. This appears to be the third time the TAs have locked the firm.
People may remember BlackCat's post ranting about Coveware and their alleged advice to Henry Schein that led to BlackCat re-encrypting Schein the first time.
On November 22, the firm announced another disruption.
Chinese hackers who breached Microsoft's email platform this year managed to steal tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters on Wednesday. #databreach @razhael
"Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups.