Joseph Topping reports: Heywood Hospital and Athol Hospital said a network outage this week was caused by a cybersecurity incident. The hospitals said they took affected systems offline and engaged a third-party cybersecurity firm. The facilities—Heywood Hospital in Gardner, Massachusetts, and Athol Hospital in Athol, Massachusetts—remain open and caring for patients; earlier in the week...

Source

Ionut Arghire reports: More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns. Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based...

Source

On October 14, the attorney for the man whom France claims to be the head of ShinyHunters held a press conference that included some statements on his client’s case. So far, neither France nor the attorney, Juan Branco, has disclosed the arrested man’s name, so we are not really sure who his client is. All...

Source

Jacob Roach reports: You’re constantly leaving your fingerprint all over the internet. You leave it with the personal information you share willingly, the personal information you share unknowingly, and with the mountain of data that gets sent to each website you load. Maybe you know a thing or two about privacy and decided to pick up a...

From a press release by Claro: The Town of Dover has taken a bold step forward in public safety by partnering with Claro to deploy advanced AI-driven surveillance technology across its municipal buildings. This initiative, which enhances both security and operational efficiency, is already being recognized as a model for smart city innovation. With the...

NEW YORK—The United Automobile Workers (UAW), Communications Workers of America (CWA), and American Federation of Teachers (AFT) filed a lawsuit today against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of protected expression online. The complaint asks a federal court to stop this unconstitutional surveillance program, which has silenced and...

Here’s a must-read post, especially if you read and repeated claims that DragonForce, Qilin, and LockBit have formed some kind of cartel. Marco A. De Felice writes on SuspectFile: In the recently published “Threat Spotlight: Ransomware and Cyber Extortion in Q3 2025” by ReliaQuest, one particular section drew significant attention: the claim of an alleged “alliance” between three ransomware...

Source

Nicole Aljet reports an update on a data breach that had been disclosed by Regal Medical Group in February 2023. Current and former patients who received a notice in early 2023 stating a data breach involving Heritage Provider Network or its affiliates may have exposed their personal or medical information could qualify to claim a cash payment...

Source

Stewart Lewis reports: Operations at the Kelowna, B.C., airport (YLW) were disrupted Tuesday evening after its passenger information screens and public address systems were overtaken in a terrorist cyberattack. The incident began about 5:15 p.m., when pro-Hamas messaging could be seen and heard throughout the airport. A message took over flight information screens announcing the system was...

Source

Greg Otto reports: F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it’s calling a “highly sophisticated” cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of...

Source

Resecurity has published a new report, “Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate.”  Here is the introduction: The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable...

Source

Lauren Giella reports: Oklahoma health system Integris Health reached a $30 million settlement in a data breach class action lawsuit that impacted over two million people over two years ago. This agreement settles a class action lawsuit filed in the U.S. District Court for the Western District of Oklahoma that accuses Integris of negligence after...

Source

Yonhap News reports: The Ministry of Science and ICT said Monday it has asked the police to investigate allegations that KT obstructed a government probe into the company’s unauthorized mobile payment breaches. In late August, unauthorized mobile payments worth a combined 240 million won ($168,000) were reported in Seoul and nearby areas after the personal...

Source

Lawrence Abrams reports: Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access “sensitive resources.” “This...

Source

The Information Commissioner’s Office has fined Capita plc and Capita Pension Solutions Ltd a combined £14m following a cyber attack in April 2023 which saw hackers gain access to over 6m people’s data. Stroud News & Journal reports: Outsourcing giant Capita has been fined £14 million by the Information Commissioner’s Office (ICO) for failing to...

Source

Stephen Withers reports: Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority’s (Apra’s) CPS 230 standard have led organisations to become “really obsessed” with the 72-hour notification window following a data breach, according to Shannon Murphy, global security and risk strategist at Trend Micro. However, this focus means many are still...

Source

Jay Peters reports: 5CA is a customer service support company that works with Discord. Recently, the chat platform said the vendor had been breached as part of a “security incident” where 70,000 government ID photos may have leaked. Now, 5CA says in a post on its website that it was “not hacked.” According to Discord, “this incident impacted a...

Source

NEW YORK – New York Attorney General Letitia James today secured $14.2 million from eight car insurance companies for failing to protect the private information of more than 825,000 New Yorkers. The data breaches were part of a hacking campaign that targeted car insurance companies’ quoting tools and stole people’s personal information, including driver’s license...

Source

Steven L. Imber, Justin T. Liby, Jennifer L. Osborn, Zachary R. Dyer, and Pavel (Pasha) A. Sternberg of Polsinelli PC write: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks.  In the...

Source

Gabriel Geiger, Crofton Black, Emmanuel Freudenthal, and Riccardo Coluccini report: … Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley. It...