NATHAN AUSTAD, one of three people indicted for hacking DraftKings in 2022 has now been sentenced to 18 months in prison. In April, a second man, KAMERIN STOKES, a/k/a “TheMFNPlug,” was sentenced to 30 months in prison for his role, while JOSEPH GARRISON was sentenced in 2024 to 18 months: United States Attorney for the...

Source

In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its’ dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that...

Source

Yes, another entry in our “no need to hack when it’s leaking” archives, and another example of entities trying to excuse their security  failures by claiming they were “hacked.” Danny Bradbury cuts to the chase: Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the...

Source

Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to restore operations and would provide updates as they become available. “Due to a nighttime hostile attack on IT systems, the Ukrposhta application is temporarily malfunctioning,”...

Source

David Stauss of Stauss Law writes: Key point: Our new chart compares the data broker laws of California, Connecticut, Nevada, Oregon, Texas, and Vermont, covering applicability standards, registration and disclosure obligations, consumer rights, and penalties. State data broker laws are proliferating, and they vary widely in scope and structure. Connecticut recently passed a data broker...

If there were a soundtrack for this post, it would be Queen’s “Another One Bites the Dust.” There’s another chapter in the ongoing drama that is “BreachForums.” Yesterday,  the BreachForums clone at breached[.hn]  was listed for sale for $3k USD. By today, they had dropped the price to $ 1,500 USD and still couldn’t seem...

Source

Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media’s review of the stolen data. …  404 Media downloaded the full 45GB data dump and found the...

Source

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations continued to run normally and were not affected by the incident. […] While Tata Electronics has not disclosed the threat actor’s identity,...

Source

Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password manager maker LastPass is notifying customers that their personal information and customer support case records were stolen during a recent hack...

Source

MITSloan reports: The intelligence alliance of the United States, United Kingdom, Canada, Australia, and New Zealand, commonly known as Five Eyes, has raised concerns over rapidly advancing artificial intelligence, which can supercharge offensive hacking capabilities. In a three-page statement, the alliance called for urgent action to confront the threat. “Frontier AI models are anticipated to...

Source

Over on SuspectFile, Marco A. De Felice reflects on how we may overfocus on identifying threat actors exploiting vulnerabilities while failing to focus enough on root causes and incident response. He highlights what he calls a structural fragility that cannot be ignored: that many organizations continue to collect, centralize, and retain vast amounts of sensitive...

Source

Paige Collings and Jillian C. York write: This week, politicians in the UK pushed forward with plans to eviscerate privacy and free speech on the internet by announcing a ban on social media for users under 16 that is set to take effect in Spring 2027. The UK government continues to falsely characterize this policy as a necessary response...

Zack Whittaker reports: Anthropic may ask Claude users to verify their age and identity by uploading their government-issued documents, according to a new version of the company’s privacy policy. The AI giant says the move was to allow users to appeal having their account flagged for potentially fraudulent activity rather than outright banning them, but...

David E. Rattray reports: A few minutes before 7 in the evening on May 9, 2025, a deputy in the Johnson County, Tex., sheriff’s office sat at a computer seeking information about a missing resident’s car. In the spot where officers were required to give a purpose for their requests, the deputy typed, “had an...

Lauren Rankin writes: New York had the chance to make history in more arenas than basketball this June. Earlier this month, the New York Senate passed the Maternal Health, Dignity and Consent Act, becoming the first legislative chamber in the country to pass legislation that would require informed consent for drug testing of pregnant people. But despite that...

Two members of Scattered Spider, who were arrested in 2024 and 2025, have reportedly changed their pleas to guilty just before their trials were set to begin. Victoria Collins reports: Two men have pleaded guilty to offences in connection with a massive cyber attack which caused Transport for London (TfL) months of disruption and cost...

Source

Xsolis, Inc. is a business associate in the healthcare sector, providing utilization and case management services. They describe themselves as applying “industry-leading AI and automation to ensure appropriate care settings and accelerate collaboration across a connected network of providers and payers.” On June 19, California Attorney General’s Office posted a copy of a breach notification...

Source

On April 19, 2026, Cherry Health in Michigan detected suspicious network activity. Investigation revealed that an unknown person or persons had gained access to its network and copied data. On June 18, Cherry Health published a preliminary notice on its website.  The notice makes no mention of any earlier reporting on the incident that had...

Source

This is the kind of cyberattack that can put lives at risk and makes me want to wring some necks if I wasn’t so old and feeble. Demócrata reports: Brazil’s Civil Defense has reported this Saturday that its official alert system has been the target of a cyberattack, an incident that is already being investigated...

Source

June was a challenging month for Novo Nordisk regarding cybersecurity and intellectual property protection. The pharma giant allegedly had some of its data — including intellectual property — stolen by two independent groups of threat actors. Unaware of each other, each group claimed to have acquired a large amount of valuable information. One demanded $25...

Source