Breach Incidents

Oops? RaidForums data marketplace accidentally exposes private staff page

Ax Sharma reports: RaidForums is an underground place where private databases obtained from data breaches, vulnerability exploits, and credit card information sets are illegally traded by threat actors, or sometimes leaked for free. On RaidForums, the “Staff General” section is typically restricted to internal staff members only, but in an ironic twist of fate, this private section was accidentally left open for viewing...

Ransomware Resources for HIPAA Regulated Entities

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021...

Adventures in Notification, Ethical Dilemma Edition

Long-time readers know that this blogger has encountered some interesting situations over the years in response to trying to engage in responsible disclosure of leaks or incidents.  As just a few examples (apart from all the lawsuit threats for exposing leaks or incidents), this blogger was: — threatened with being infected with HIV by...

Hacker Makes Off With $12 Million in Latest DeFi Breach

Dan Gunderman reports: In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value. In a series of tweets announcing the incident, pNetwork said, “We’re sorry to inform the community...

Afghanistan: Investigation launched into interpreter data breach

Today’s reminder that even the leak of an email address can put someone’s life at risk. Phil Kemp, Lucy Manning, and Ed Campbell report: Defence Secretary Ben Wallace has ordered an investigation into a data breach involving the email addresses of dozens of Afghan interpreters who worked for British forces. More than 250 people...

Tamil Nadu Public Department comes under ransomware attack

S. Vijay Kumar reports: A ransomware attack is said to have encrypted certain sensitive documents of the Tamil Nadu Public Department since Friday morning. Some of the files encrypted relate to VIP visits, their programmes and related arrangements made by State Protocol officials, official sources said. While the suspect has demanded payment of 1,950...

FocaLeaks claims to have hacked El Salvador Police, gained access to records on civilians, agents, and criminal investigations

Hacktivists known as FocaLeaks claim to have hacked and exfiltrated data on 37,000 agents of Policía Nacional Civil de El Salvador (PNC). The information can allegedly be used to access government records on all citizens and to access criminal investigations. Ransomware attacks on police departments have made headlines a number of times over the...