IN: Carmel Clay Schools notifying 15,817 after compromise of employee email accounts

On February 24, 2021, Carmel Clay Schools in Indiana discovered suspicious activity involving employee email accounts. Their investigation revealed that there had been unauthorized access between February 15 – February 24. It took the district, working with third-party forensic specialists, until August 31 to determine everyone who may have had personal information in the...

VA: Greensville County Public Schools hit by Grief threat actors

Grief threat actors have added another k-12 district to their list of victims who have refused to pay their ransom demands. Greensville County Public Schools in Emporia, Virginia was added to Grief’s dark web leak site on September 21. But by September 15, the district had already disclosed that they were dealing with a...

Police investigating City of Helsinki data breach involving over 140 victims

The Helsinki Times reports: Helsinki police have begun a preliminary investigation into the actions of an employee of the City of Helsinki, who violated data privacy regulations by accessing the personal information of several individuals in the healthcare system without permission. In July, the City revealed that the employee, who worked in the social services...

State-sponsored hacking group targets Port of Houston using Zoho zero-day

Catalin Cimpanu reports: A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using a zero-day vulnerability in a Zoho user authentication appliance, CISA officials said in a Senate hearing today. Port officials said they successfully defended the attack, and...

Millions of South Africans caught up in security incident after debt recovery firm suffers ‘significant data breach’

Jessica Haworth has more details on a breach previously reported on this site. More than a million South African citizens have potentially had their personal data exposed after a ransomware attack at a debt recovery services firm. The company in question, Debt-IN Consultants, confirmed this week (September 22) that it had been the victim of a cyber-attack which resulted in...

How ransomware affects stock market share prices: report

Paul Bischoff reports: Comparitech researchers analyzed historical share price data of 24 companies listed on the New York Stock Exchange. For each stock, We pulled the closing share prices ranging from six months prior to a ransomware attack being publicly reported up to three years afterward. We additionally broke down the data by the...

Cybercriminals Abuse Donation Sites for Card Testing

From the what-will-they-think-of-next department. Researchers at GeminiAdvisory.io have an interesting report out this morning about how criminals use donation sites to see if stolen card numbers are working. As a past victim of stolen card numbers, I am used to seeing fraudsters make small charges on the card just to see if it’s working. But...