The US leg of an Australia-based shipbuilding company, Austal, which is a contractor for the US Department of Defense and the Department of Homeland Security, recently alerted the FBI and the Naval Criminal Investigative Service (NCIS) of a cyberattack. The cyberattack was claimed by the Hunters International ransomware group, which leaked stolen information as proof…

The Canadian government declared that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces…

Financial services firms affected by the mass attack on MOVEit file-sharing software are among the latest to face lawsuits from affected individuals. One such lawsuit, filed against Prudential, wants the firm to pay for 10 years of identity theft monitoring service since stolen Social Security numbers cannot be replaced. So far 998 organizations are known…

Not every data breach needs a hacker; sometimes just a careless employee will do. The U.S. Consumer Financial Protection Bureau said a now-ex-employee sent records containing Americans’ private data to a personal email account. Over the course of 14 emails, the employee sent records including two spreadsheets containing names and transaction-specific account numbers related to…

Russian-speaking ransomware gang BlackCat is leaking data stolen from a Pennsylvania-based healthcare group, including photos of breast cancer patients. On Saturday, the ransomware group posted on its dark leak site a message taunting Lehigh Valley Health Network. “We have been in your network a long time and have had time to study your business,” the…

In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected. An analysis showed the redirects occurring on apparently random sites hosted on GoDaddy’s cPanel shared hosting services. The redirects were difficult to reproduce. Further analysis revealed…

Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there. Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials…

A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified…

A data breach can destroy a business. For small- and medium-sized businesses (SMB), this is really especially concerning, as 60% will shut down within six months of the attack. While larger companies and agencies likely won’t have to shut their doors, they, too, suffer serious consequences. There are financial costs, which Ponemon Institute and IBM…