Tag: Privacy Security Breaches

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company’s network. The Chicago-based company’s over 10,000 employees provide their services to millions of consumers and more than 65,000 businesses from 30 countries. “Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts…

The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world’s most high-profile international institutions and one that handles highly sensitive information about war crimes. The ICC said it had detected unusual activity on its computer network at the end of last week, prompting a response that was still ongoing….

  The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. The public university started operations in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel. It is considered one of Australia’s most important educational institutes. In the data breach announcement, the…

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. Duolingo is one of the largest language learning sites in the world, with over 74 million monthly users worldwide. In January 2023, someone was selling the scraped data of 2.6 million DuoLingo users on…

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. In a ‘Notice of Data Incident’ published on the CDHE website, the Department says they suffered a ransomware attack on June 19th, 2023. “On June 19, 2023, CDHE became aware it was the victim of…

The Australian Prudential Regulation Authority has slapped BNK Banking Corporation with a $247,500 fine for failing to meet its data reporting requirements to the APRA.  In a statement, the prudential regulator said BNK was 32 days late in filing statistical reports for the month ending Feb. 23 under the Economic and Financial Statistics program. This failure to report data by…

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible…

Sweden’s data protection watchdog has issued a couple of fines in relation to exports of European users’ data via Google Analytics which it found breach the bloc’s privacy rulebook owing to risks posed by US government surveillance. It has also warned other companies against use of Google’s tool. The fines — just over $1.1 million for Swedish telco Tele2 and…

  The U.S. government has confirmed that multiple federal agencies have fallen victim to cyberattacks exploiting a security vulnerability in a popular file transfer tool. In a statement shared with TechCrunch, CISA confirmed that “several” U.S. government agencies have experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software….

The U.S. government has been hit in a global hacking campaign that exploited a vulnerability in widely used software, the nation’s cyber watchdog agency said on Thursday. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said several federal bodies had experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, the agency’s executive assistant…

When then-prime minister Malcolm Turnbull called for heads to roll after the 2016 census was pulled offline – amid fears IBM’s data servers hosting the survey had been infiltrated – the American enterprise technology giant made an important decision. IBM ran most of the big mainframe systems that had powered core government functions for several decades, earning it billions of…

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. Their victims span a wide range of critical sectors, including government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing…

  One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of almost six million patients. PharMerica operates over 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs. In a data breach notification filed with Maine’s attorney general, PharMerica said it learned of suspicious activity on…

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

Hackers have stolen email addresses, direct messages, and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone alerted Troy Hunt, the founder and maintainer of the data breach alerting website Have I Been Pwned, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ date of birth, their city and state, their IP addresses, and biographies. The stolen passwords are scrambled with a weak algorithm that could potentially be broken and allow hackers to see the actual passwords.”

In court papers filed late Wednesday, the Justice Department lawyers said releasing 21-year-old Jack Teixeira from jail while he awaits trial would be a grave threat to the U.S. national security. Investigators are still trying to determine whether he kept any physical or digital copies of classified information, including files that haven’t already surfaced publicly, they wrote.

“There simply is no condition or combination of conditions that can ensure the Defendant will not further disclose additional information still in his knowledge or possession,” prosecutors wrote. “The damage the Defendant has already caused to the U.S. national security is immense. The damage the Defendant is still capable of causing is extraordinary.”

A detention hearing is scheduled for Thursday in the federal court in Worcester, Massachusetts, for Teixeira, who has been in jail since his arrest earlier this month on charges stemming from the highest-profile intelligence leak in years.