Of Note

FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising

The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind...

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to Facebook—or if you need to send data at all By: Maria Puertas and Simon Fondrie-Teitler We all use the internet to complete increasingly sensitive tasks: book doctor’s...

GitHub revokes code signing certificates stolen in repo hack

Sergiu Gatlan reports: GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. So far, GitHub has found no evidence that the password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used for...

Case May Impact Role of Lawyers in Data Breaches and IR

Mark Rasch writes: On January 9, 2023, the U.S. Supreme Court heard oral arguments on a criminal tax investigation case out of California that might impact the scope and extent of attorney-client privileges in data forensic investigations. The case, called In Re Grand Jury, Dkt. No. 21-1397, involves a federal grand jury demand for records created...

Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

Habiba Rashid reports:  Ronald Craig Ilg, 56, was sentenced to eight years in prison for hiring hitmen on the dark web to assault and kidnap victims. The doctor in Spokane, Washington paid $60,000 in Bitcoin as payment for the tasks he asked the hitmen to perform. … the first was a former colleague, also a Spokane-area...

Zacks Investment Research notifies 820,000 clients

Bill Toulas reports: Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers. An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022. It is unclear if any data...

Stratford University discloses ransomware attack — but which ransomware attack?

In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker.  Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the...

Alleged French cybercriminal to appear in Seattle on Friday on indictment for conspiracy, computer intrusion, wire fraud and aggravated identity theft

The following is the DOJ’s press release on Sebastien Raoult: Seattle – A 21-year-old French citizen from Epinal, France, will appear tomorrow January 27, 2023, in U.S. District Court in Seattle on a nine-count indictment alleging conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, four counts of wire fraud and three...