He hasn’t attracted much attention or media coverage yet, and he doesn’t have any leak site or Telegram account. However, those reporting breaches involving patient data should note a threat actor known as “Stuckin2019” (or simply “Stuck”).  Two of his recent attacks allegedly affected telehealth entities and 3.7 million patients. OpenLoop Health On January 7,...

Source

Jessica Adiele reports: Nigeria’s telecommunications regulator, the Nigerian Communications Commission (NCC), has directed telecom operators to notify the commission within four hours of detecting any cyberattack. The directive is contained in the Cyber Resilience Framework for Nigeria’s Communications Sector (CRF-NCS) released in February 2026. The rule will take effect in February 2027 and forms part of the regulator’s broader efforts to...

Source

Hayley Steele and Gregory Szewczyk of Ballard Spahr write: A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “massive breach of security,” defined as a data breach affecting at least 100,000 Connecticut residents, and imposes...

Source