Category: Cyber-Crime

Ransomware gang steals data of 5.8 million PharMerica patients

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

Philadelphia Inquirer hit by cyberattack causing newspaper’s largest disruption in decades

The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to what the newspaper calls a cyberattack.

The company was working to restore print operations after a cyber incursion that prevented the printing of the newspaper’s Sunday print edition, the Inquirer reported on its website. The news operation’s website was still operational Sunday, although updates were slower than normal, the Inquirer reported.

Inquirer publisher Lisa Hughes said Sunday “we are currently unable to provide an exact time line” for full restoration of the paper’s systems. 

Google to pay US$8m to settle claims of deceptive ads: Texas AG

WASHINGTON – Google, a unit of Alphabet, has agreed to pay US$8 million (S$10.7 million) to settle claims it used deceptive advertisements to promote the Pixel 4 smartphone, Texas Attorney General Ken Paxton announced on Friday.

The search and advertising giant, which also makes Android smartphone software and owns YouTube, has been scrutinised for antitrust and consumer protection infractions by both the federal government and state attorneys general. The federal government has filed two antitrust lawsuits.

In this instance, Paxton’s office alleged that Google hired radio announcers to give testimonials about the Pixel 4 even though the company had refused to allow them to use one of the phones.

“If Google is going to advertise in Texas, their statements better be true,” Paxton said in a statement. “In this case, the company made statements that were blatantly false, and our settlement holds Google accountable for lying to Texans for financial gain.”

FTC moves to ban Meta from profiting off data of users under age 18

The U.S. Federal Trade Commission is alleging Facebook “repeatedly violated its privacy promises” and is proposing a “blanket prohibition” on parent company Meta’s monetization of data of users under 18. The company, meanwhile, called the move “a political stunt.” The FTC on Wednesday moved to expand its USD5 billion privacy order with then-Facebook from 2020, claiming the company failed to…

AI ‘godfather’ Geoffrey Hinton warns of dangers as he quits Google

A man widely seen as the godfather of artificial intelligence (AI) has quit his job, warning about the growing dangers from developments in the field.

Geoffrey Hinton, aged 75, announced his resignation from Google in a statement to the New York Times, saying he now regretted his work.

And in a BBC interview on Monday, he said: “I can now just speak freely about what I think the dangers might be.”

Bill C-11: Why is YouTube mad at Canada?

A new law that seeks to give Canadian artists a leg up online has left many influencers and tech giants alike seeing red.

They took out subway ads, they posted TikToks, but in the end, the score was Silicon Valley-0, Ottawa-1.

After many twists and turns, and over two-and-a-half years of review, the Canadian government has passed a new law that makes tech giants like YouTube and TikTok support Canadian cultural content.

The law, dubbed Bill C-11, gives the Canadian Radio-television and Telecommunications Commission (CRTC) broad authority to regulate these platforms, much like they already do with radio and television.

The government says it is necessary to stop streaming giants from getting a free ride, and to promote local artists.

Although it’s still unclear what those final regulations will look like, the law has raised the ire of everyone from TikTokers to esteemed author Margaret Atwood.

The STOP CSAM Act Is An Anti-Encryption Stalking Horse

E2EE is a widely used technology that protects everyone’s privacy and security by encoding the contents of digital communications and files so that they’re decipherable only by the sender and intended recipients. Not even the provider of the E2EE service can read or hear its users’ conversations. E2EE is built in by default to popular apps such as WhatsApp, iMessage, FaceTime, and Signal, thereby securing billions of people’s messages and calls for free. Default E2EE is also set to expand to Meta’s Messenger app and Instagram direct messages later this year. 

E2EE’s growing ubiquity seems like a clear win for personal privacy, security, and safety, as well as national security and the economy. And yet E2EE’s popularity has its critics – including, unfortunately, Sen. Durbin. Because it’s harder for providers and law enforcement to detect malicious activity in encrypted environments than unencrypted ones (albeit not impossible, as I’ll discuss), law enforcement officials and lawmakers often demonize E2EE. But E2EE is a vital protection against crime and abuse, because it helps to protect people (children included) from the harms that happen when their personal information and private conversations fall into the wrong hands: data breaches, hacking, cybercrime, snooping by hostile foreign governments, stalkers and domestic abusers, and so on.

That’s why it’s so important that national policy promote rather than dissuade the use of E2EE – and why it’s so disappointing that STOP CSAM has turned out to be just the opposite: yet another misguided effort by lawmakers in the name of online safety that would only make us all less safe. 

First, STOP CSAM’s new criminal and civil liability provisions could be used to hold E2EE services liable for CSAM and other child sex offenses that happen in encrypted environments. Second, the reporting requirements look like a sneaky attempt to tee up future legislation to ban E2EE outright.

Banking Mess: Regulators close First Republic Bank, JPMorgan buyer of $330B assets and deposits, FDIC on the hook for $13B

First Republic Bank, on the brink of collapse in the weeks after the Silicon Valley Bank crisis, has finally fallen over, but with a relatively quick resolution into its next chapter: today the FDIC announced that it was being closed by the California Department of Financial Protection and Innovation, that the FDIC was appointed as receiver, and that the FDIC would be selling the assets to JPMorgan.

Its assets and deposits total just over $330 billion together.

Specifically, “to protect depositors, the FDIC is entering into a purchase and assumption agreement with JPMorgan Chase Bank, National Association, Columbus, Ohio, to assume all of the deposits and substantially all of the assets of First Republic Bank,” it said.

The FDIC also confirmed deposits will continue to be insured by the FDIC at an estimated cost of about $13 billion to its insurance fund.

As the US cracks down on crypto, Hong Kong extends a warm welcome

In February, Hong Kong proposed a set of welcoming rules to regulate crypto-related activities. Under the new legal regime, retail investors will be allowed to trade certain digital assets on licensed exchanges, replacing a 2018 framework that restricted trading to only accredited investors.

The city is also paving the way to legalize stablecoins. One startup, which is backed by popular exchange KuCoin and USDC issuer Circle, recently launched an offshore Chinese yuan (CNH)-pegged stablecoin, the first of its kind in Greater China.

To create a favorable environment for web3 businesses, the city is facilitating communication between banks and crypto startups, many of which are scrambling to find alternatives following Silvergate Bank’s meltdown.

These moves contrast with Beijing’s heavy-handed crackdown on the crypto industry; they also highlight the degree to which the former British colony enjoys policy exceptions in certain areas, such as finance.

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data

The U.S. government has sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive medical data.

In separate advisories released on Thursday, U.S. cybersecurity agency CISA and the U.S. Food and Drug Administration warned that the security flaw — tracked as CVE-2023-1968 with the maximum vulnerability severity rating of 10 out of 10 — allows hackers to remotely access an affected device over the internet without needing a password. If exploited, the bug could allow hackers to compromise devices to produce incorrect or altered results, or none at all.

Fugitive CEO ordered to pay record $4.5 billion for global fraud scheme involving Bitcoin

A United States judge has ordered a South African executive to pay more than US$3.4 billion (S$4.5 billion) in restitution and fines for a fraud scheme involving Bitcoin – the highest-ever civil monetary penalty in any US Commodity Futures Trading Commission (CFTC) case.

Cornelius Johannes Steynberg, the founder and chief executive officer of Mirror Trading International Proprietary, committed fraud tied to retail foreign currency transactions, among other violations, the agency said in a statement that announced the order by US District Judge Lee Yeakel.

Hackers steal emails, private messages from hookup websites

Hackers have stolen email addresses, direct messages, and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone alerted Troy Hunt, the founder and maintainer of the data breach alerting website Have I Been Pwned, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ date of birth, their city and state, their IP addresses, and biographies. The stolen passwords are scrambled with a weak algorithm that could potentially be broken and allow hackers to see the actual passwords.

Commanders suspended at base where alleged Pentagon leaker worked

Two commanders in the Massachusetts Air National Guard were temporarily suspended last week in connection with a federal investigation into alleged classified intelligence leaker Jack Teixeira, the Air Force confirmed Thursday.

Col. Sean Riley, commander of the 102nd Intelligence Wing at Otis Air National Guard Base on Cape Cod, suspended the head of the subordinate 102nd Intelligence Support Squadron where Teixeira worked. The commander in charge of supporting airmen like Teixeira, who are mobilized on full-time, active-duty Title 10 orders, was suspended as well, according to Air Force spokesperson Rose Riley.

In addition to temporarily removing the commanders from their jobs, the Department of the Air Force has also revoked their access to classified networks and information, Riley told Air Force Times. Reuters first reported the development on Wednesday.

Lyft layoffs to affect 26% of workforce

Lyft said Thursday it will cut 26% of its workforce, or about 1,072 people, as part of a restructuring plan aimed at rebuilding its core ride-hailing product and boosting profits.

The company also said in a regulatory filing Thursday that it decided to scale back hiring plans and will eliminate 250 open job positions.

Lyft estimates that it will incur a cost of about $41 million to $47 million related to severance and employee benefits in the second quarter of 2023. The ride-hailing company also said it expects additional costs related to stock-based compensation and the corresponding payroll tax expense related to employees who were impacted by this restructuring.

Last week, Lyft’s newly appointed CEO David Risher told employees in an email that the company would significantly reduce its workforce as part of a restructuring effort. Risher said the restructuring would be part of Lyft’s plan to “better meeting the needs of riders and drivers.”

Senator Brian Schatz and the Unconstitutional Age Verification Bill

Senator Brian Schatz is one of the more thoughtful Senators we have, and he and his staff have actually spent time talking to lots of experts in trying to craft bills regarding the internet. Unfortunately, it seems like he still falls under the seductive sway of this or that moral panic, so when the bills actually come out, they’re…

New York Court Rules State Police Can’t Keep Hiding Its Misconduct Records From The Public

Two decades of misconduct records will now be trickling out of the NYSP’s hands. One assumes it will be a very slow drip, one perhaps interrupted by last-minute admissions the NYSP has, say, destroyed records it was required to retain. A lot can happen over twenty years, but hopefully it won’t take twenty years for records requesters to obtain what they’re entitled to possess.

The Superior Court (basically the first level of state courts in New York) decision [PDF] is short and sweet. It not only directs the NYSP to comply with the law, but draws some other helpful legal conclusions along the way, like this one, which says cop shops can’t withhold information about officers who were investigated for misconduct, but later cleared of wrongdoing.

It is clear that the mere fact that the complaint was determined to be unsubstantiated does not categorically exempt the records from disclosure.