A government contractor hired twin brothers who were convicted felons. A year later, it regretted it.

In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins, who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,...

Source

Instructure discloses second data breach in less than a year

Instructure defines itself as the “O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world’s largest online community of educators. (And yes—we’re ‘the panda people.’). We build industry-leading edtech, empowering both teachers and learners at every step of their journey.” Sadly, they were...

Source

Maryland pharmacist indicted on unauthorized computer access related to U. Maryland Medical Center

From the U.S. Attorney’s Office, District of Maryland: A Maryland man is facing federal indictment stemming from an unauthorized computer access scheme involving a Maryland medical system. Matthew Bathula, 41, of Clarksville, is charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a...

Source

Michigan residents sue Thomson Reuters over public display of Social Security numbers

Caitlyn Rosen reports: A class of Michiganders asserted in a federal lawsuit filed Thursday that a Thomson Reuters search engine wrongfully published their Social Security numbers. In an 11-page lawsuit filed in the U.S. District Court for the Eastern District of Michigan, the class claims Reuters search engines publicly displayed plaintiffs’ social security numbers in...

Source

Never forgotten.

In memoriam. Ayrton Senna, the greatest Formula One driver of all times, lost to this world on May 1, 1994 in a terrible crash at Imola. In the years following his death, some have matched or exceeded his record, but none of them could hold a candle to him. (Image credit: Getty Images)  

Source

Unprecedented: Private Equity Firm Potentially on Hook for PowerSchool’s Data Breach

Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although...

Source

VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research

Check Point Researchers recently dug into all three versions of VECT’s ransomware. And what they found should concern anyone who discovers they have been locked by it. From their blog post: Ransomware is supposed to be reversible. The attacker locks your files, holds the key, and returns it when you pay. That’s the business model. VECT’s software...

Source

The “BlueLeaks 2.0” Breach: Will there be any accountability? Senators start with transparency.

A DataBreaches.net Editorial: The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)...

Source

Regulator fines Fidelity Brokerage Services $1.25M over data breach

Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that resulted in a data breach affecting about 77,000 customers. “After learning of the breach, Fidelity also failed to notify many impacted residents, including the relatives and minor children...

Source

South Korea’s regulator fines matchmaking service Duo $830,000 over data breach

Hyun Su-a reports: Duo Info, South Korea’s top matchmaking company, leaked the personal information of 430,000 members, authorities said. The leaked items went far beyond names and email addresses to include religion, hobbies, height, weight, education and remarriage history. Excluding income and asset information, virtually all of the members’ personal details were exposed externally. The...

Source

BlueLeaks 2.0: 7,300+ Schools, Referral Systems Reported, and a Breach Navigate360 Still Hasn’t Publicly Confirmed

Overview and Background: This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about students on a platform that promised them anonymity and security. DDoSecrets.org named the incident “Blue Leaks 2.0” because, like a previous leak...

Source

Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims

And then there were three…. A third man has pleaded guilty to conspiring with two other cybersecurity professionals and BlackCat to use BlackCat’s ransomware and negotiation platform to target U.S. firms. Ryan Goldberg of Georgia and Kevin Martin of Texas pleaded guilty in December, and are scheduled to be sentenced on April 30.  Two of...

Source

Brussels launched an age checking app. It took 2 minutes to hack it.

Émile Marzolf, Ellen O’Regan, and Eliza Gkritsi report: The European Union’s unveiling of a mobile app to check people’s age online has quickly turned sour, as cybersecurity experts found glaring privacy and security problems with the code. European Commission President Ursula von der Leyen presented the age-verification tool in Brussels on Wednesday, saying it was...

Source

California’s cybersecurity audit rule is now in effect: its impact for class litigation

The IAPP writes: Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts for affected companies to...

Source

Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe

Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group (“SRG”).* In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP (“Orrick”). In...

Source

86% of businesses refused to pay cyber ransoms in 2025 — Coalition Insurance

Two firms recently told DataBreaches that about 30% or more of their clients pay ransom after a cyberattack. But you may get a different impression from other findings. The Actuary reports: Initial ransom demands by cyber attackers surged by 47% last year but record numbers of businesses declined to pay up, according to a specialist...

Source

Act-of-War Clauses Cloud Cyber Insurance Coverage

Angus Loten reports: From Europe to the Middle East, geopolitical conflicts have companies rereading the fine print on insurance policies that deny coverage for wartime cyberattacks. Act-of-war exclusions—a common provision in homeowners, life and travel insurance—are largely untested in the cyber market, where the line between cybercrime and nation-state warfare is unclear. That can leave...

Source

Russians hijacking routers for cyber spying

George Allison reports: In a new advisory, the NCSC warned that APT28, a cyber group linked to Russia’s GRU Military Unit 26165, has been exploiting vulnerabilities in edge network devices to conduct Domain Name System hijacking operations. DNS is the system that translates website addresses into the numerical IP addresses computers use to connect, and...

Source

Moscow, Idaho, clinics reopen after Gritman cyber incident

DysruptionHub reports: Gritman Medical Center began reopening clinics in Moscow, Idaho, on Friday after a cybersecurity incident disrupted outpatient care beginning early Wednesday, though the hospital and emergency department remained open throughout. Gritman first publicly disclosed the problem Thursday, saying several primary and specialty clinics were closed because of an electronic systems outage. In an update later that night,...

Source
