From the way-too-slow-learning-curve dept. Steve Alder reports: Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM servers, according to a recent Trend Micro TrendAI analysis. TrendAI identified thousands of internet-facing DICOM servers belonging to hundreds of entities. The lack of security protections puts patient...

Source

DataBreaches posted the following opinion piece on LinkedIn this morning in my Dissent Doe, PhD account: Last night, Canvas was restored, and the Instructure leak site listing was removed from the threat actors’ leak site. The listing is still not on the leak site as of this morning. Given ShinyHunters’ practices, this usually indicates that...

Source

Nancy Eff Presnell, Gene F. Price, and Matthew R. Schantz write: A recent high-profile incident illustrates the growing litigation and regulatory risks that financial institutions face from vendor-driven data breaches. Within weeks of a national bank confirming a data security incident at a third-party service provider, at least two putative class actions were filed, though...

Source

Audit conducted by NYS Comptroller’s Office between 2020-2025 found multiple concerns leaving students and employees at risk of privacy and data security breaches. The auditor also criticized the city for failing to cooperate in a timely manner with the auditor’s requests for information.  In June 2014, a decade after the NYC Education Department had been...

Source

From the DOJ’s press release: A Latvian national was sentenced today to 102 months in prison for his role in a major Russian ransomware organization that stole from and extorted over 54 companies. According to court documents, Deniss Zolotarjovs (Денисс Золотарёвс), 35, of Moscow, Russia, was a member of a ransomware organization led by former...

Source

Check Point Researchers recently dug into all three versions of VECT’s ransomware. And what they found should concern anyone who discovers they have been locked by it. From their blog post: Ransomware is supposed to be reversible. The attacker locks your files, holds the key, and returns it when you pay. That’s the business model. VECT’s software...

Source

Data from Japanese firms indicates that paying ransom is unlikely to enable full recovery of encrypted data. Japan Today reports: At least 222 Japanese companies have paid ransomware attackers in the past, yet about 60 percent of them still failed to recover their data, according to a recent survey. Of 1,107 firms that responded to...

Source

A DataBreaches.net Editorial The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)...

Source

Kenneth Araullo reports: A single ransomware crew exploiting a single brand of firewall is now driving nearly half of all cyber insurance claims, At-Bay has warned, in a finding that recasts how underwriters and brokers should be thinking about risk selection. The cyber carrier’s 2026 InsurSec Report, drawn from more than 6,500 claims and 100,000...

Source

Yesterday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced settlements with four regulated entities following separate ransomware investigations under HIPAA’S Security Rule. For those keeping count: the resolutions announced mark 19 completed investigations from ransomware breaches and 13 completed investigations in OCR’s Risk Analysis Initiative. The settlements follow...

Source

From the so-there-they-are! dept Out of sight, out of mind? It seems like ages ago that DataBreaches last reported on the Trigona ransomware group, but it was actually in September 2023. After that, DataBreaches lost track of them, and after a few months, concluded that they had disappeared or disbanded. But a check of ransomlook.io...

Source

Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alone, RAMP functioned like a business platform where criminals could sell access, recruit affiliates, advertise ransomware, and negotiate deals in private. What...

Source

Just when I thought I might be done with work for the day, DataBreaches received an email from “Internet Yiff Machine” (IYM),  the hacktivist responsible for hacking P3 Global Intel in what has been called the “Blue Leaks 2.0” breach. As most readers know by now, IYM provided a dataset of 8.3 million tips that...

Source

Troutman Pepper Locke writes: In Part One of this series, we discussed how wellness products sit at the intersection of Food and Drug Administration (FDA), Health Insurance Portability and Accountability Act (HIPAA), Federal Trade Commission (FTC), and state privacy/breach laws. In Part Two, we analyzed FDA’s 2026 General Wellness guidance and what it means for device-level cybersecurity expectations....

Source

Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video surveillance, according to information published by the supposed attacker on a cybercrime forum. The company, which provides connectivity and security services to large corporations...

Source

There’s a thought-provoking article on CyberScoop by Mary Catherine Sullivan and Brett Callow of FTI. They provide examples of three types of incidents in which AI has created or contributed to fake narratives that can trigger a crisis response, require allocating significant resources, damage reputation, or give journalists a professional black eye: A company wakes...

Source

A new report by Reliaquest considers data suggesting that former Black Basta affiliates are not only using the gang’s social engineering playbook, but have been successfully honing it and targeting corporate executives: A new campaign is successfully evolving “Black Basta’s” signature social engineering playbook into a faster, more targeted, and increasingly automated intrusion method aimed at senior...

Source

Laura Pippig reports: A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant damage without users noticing. The so-called “RedSun” vulnerability was discovered by security researcher Chaotic Eclipse, the same one who previously published a...

Source

Introduction P3 Global Intel advertises itself as a “fully integrated and state-of-the-art tip acquisition and tip management solution that has quickly become the leading choice of Crime Stoppers Programs, Law Enforcement Agencies, Campus Safety Programs, and Federal Agency Initiatives.”  35,000 U.S. schools use P3 Campus, which partners with “safer school” initiatives such as Sandy Hook...

Source

When the FBI issued a Private Industry Notice in May 2025 about the Silent Ransom Group (SRG) targeting law firms, they were not exaggerating. The image on the left side of this post is not a new geometric wallpaper. The green boxes represent law firm listings on SRG’s leak site. There are about 38 by...

Source