Category: Surveillance & Privacy

There has been an unexpected validation of the title of Our Enemy, the Government (Brownstone, 2023). In a stunning indictment of the state of governance in the Australian state of Victoria, an unidentified senior bureaucrat classified citizens according to their compliance with the government’s Covid diktats. This is the state whose capital Melbourne suffered through the world’s longest lockdown (267 days!). Yet, according to the Australian Bureau of Statistics Victoria had the worst overall Covid mortality outcome between March 2020…

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about…

Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent annual earnings report, 23andMe has “more than 14 million customers worldwide,” which means 0.1% is around 14,000. But the company…

Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. With over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total providers on its medical staff, Norton Healthcare is Louisville’s second-largest employer, with more than 140 locations throughout Greater Louisville and…

US-based genomics scientist Kevin McKernan says he has lost an estimated US $200,000 worth of research data after his account on file hosting service MEGA was deleted overnight. It appears that McKernan’s account was deleted by MEGA in response to an urgent injunction granted to New Zealand’s (NZ) Ministry of Health (MOH) to prevent the sharing of anonymised data leaked by whistleblower Barry Young. Young, a 56-year-old database administrator and former employee of the MOH, leaked data from a ‘pay…

As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. Threat actor leaking 23andMe data Source: BleepingComputer 23andMe told BleepingComputer that…

A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. These revelations come after U.S. Senator Ron Wyden, who serves on the Senate Intelligence Committee, sent a letter to the Department of Justice warning that various governments around the world have been requesting push notification data from two major tech companies. The goal of these requests is likely to gain access to data required to link…

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response. Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in…

Boeing, a prominent aerospace manufacturer and defense contractor, found itself targeted by the Lockbit ransomware group at the end of October. This cybercriminal organization claimed responsibility for infiltrating Boeing’s systems and asserted that it had obtained a substantial amount of sensitive data. The group threatened to disclose this information unless Boeing engaged with them before the initial deadline, initially set for November 2, 2023, at 13:25:39 UTC but later extended to November 10, 2023. In early November 2023, Boeing officially…

The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems. Before the leak, LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files. Backup data published LockBit ransomware has leaked more than 43GB of files from Boeing after the company refused to pay a ransom. Most of the data listed on…

Hackers have accessed approximately 632,000 emails from the Department of Defense and other federal agencies this year, the US Office of Personnel Management (OPM) confirmed. The report detailed a large-scale cyberattack in May 2023 in which emails from US government offices, private sectors, airlines, and academic entities were accessed by a suspected Russian group called “CL0P.” Alongside electronic personal data, the actors breached internal tracking codes and government employee survey links issued by agencies. Through File Transfer Software The cybercriminals…

Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal information a day later, on October 12. The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods,…

Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. Late last month, a threat actor leaked 23andMe customer data in a CSV file named ‘Ashkenazi DNA Data of Celebrities.csv’ on hacker forums. The file allegedly contained the data of nearly 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info, genetic predispositions, and more. Initial leak of 23andMe data on a…

Over the past two decades, online piracy has proven a massive challenge for the entertainment industries. It’s a global issue that’s hard to contain, but various anti-piracy group are doing their best to fight back. There’s a seemingly perpetual stream of takedowns, as evidenced by press releases that come out every week. However, some targets are particularly resistant to enforcement action and much harder to take offline. A few days ago, the Motion Picture Association (MPA) submitted an overview of…

Over the past year, new artificial intelligence tools and services have been surfacing everywhere. This AI boom followed the success of ChatGPT and many people believe these recent developments are just the beginning. While entrepreneurs and the public at large are mostly focused on the new possibilities the technology offers, many copyright holders are focused on potential threats. This includes the music industry’s anti-piracy arm, the RIAA, which previously took action against a popular AI-related Discord server that was shut…

Spanish airline Air Europa, the country’s third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. “We inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data,” Air Europa said in emails sent to affected individuals and seen by BleepingComputer. “We have secured our systems, guaranteeing the…