Danish pharma giant Novo Nordisk disclosed a cybersecurity incident last week, and although the firm’s name may not be familiar to everyone, they are a major producer of insulin and semaglutide. Semaglutide is marketed as Wegovy for weight loss and Ozempic for Type 2 diabetes. In its June 11 update, the firm stated that the...

Source

Lawrence Abrams reports: A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted...

Source

The bigger they are, the harder they fail? Global Schools Foundation (GSF) is a Singapore-headquartered, not-for-profit K–12 education organization. With a global network of schools, the foundation strives to provide world-class education to students across multiple countries. Global Schools Group (GSG), an initiative of GSF, manages and operates a network of 12 international school brands...

Source

Sergiu Gatlan reports: CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. Unauthenticated remote attackers can exploit this security flaw (tracked as CVE-2026-50751) to bypass authentication and establish a remote access VPN connection on targeted...

Source

Jacob Goldberg and Irwin Loy report: A cyber-attack targeting the World Food Programme has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date. WFP is investigating a “security-related incident” in which “unauthorised actors” accessed...

Source

On July 1, 2025,  Radiology Associates of Richmond (“RAR”) reported a breach to HHS that had occurred in April 2024 and affected more than 1.4 million patients. By the end of July 2025, the well-known radiology practice had experienced a second breach. The second breach, recently reported to the Maine Attorney General’s Office on May...

Source

From the Illinois Senate Democrats:  State Senator Laura Murphy is leading a comprehensive measure to protect consumers’ data and shield them from targeted advertisements. “By placing guardrails around consumers’ personal information, we eliminate companies’ ability to collect and sell the most sensitive data of Illinoisans,” said Murphy (D-Des Plaines). “We then put the power in...

Source

Media outlets have been understandably eager to learn whether Instructure paid ShinyHunters after the latter attacked them for a second time on May 7. Considering that they pledged to be more transparent, DataBreaches doesn’t fully understand why Instructure wasn’t more forthright about the payment issue in its update, unless they were trying to avoid encouraging...

Source

Dalbir Singh & Associates ignored multiple attempts at responsible disclosure but finally locked down its misconfigured Amazon bucket, only to expose it again. Now the data is in the hands of criminals trying to extort them.  On April 6, DataBreaches reported on a misconfigured Amazon bucket belonging to an immigration law firm in New York....

Source

Jonathan Greig reports: German and U.S. authorities arrested the alleged administrator behind Dream Market, a popular dark web forum that shut down in 2019. During a May 7 raid on three locations, German and U.S. law enforcement arrested Owe Martin Andresen, 49, on multiple charges of money laundering. An indictment unsealed this week by the...

Source

Breaches involving school-related vendors such as PowerSchool and Instructure are causing major headaches for schools, students, and parents. They are also getting more attention from Congress. While some breaches have not exposed core data or personal information of students or personnel, other breaches, such as those involving PowerSchool and Navigate360’s  P3 Campus, have involved sensitive...

Source

In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins. who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,...

Source

Instructure defines itself as the “O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world’s largest online community of educators. (And yes—we’re ‘the panda people.’). We build industry-leading edtech, empowering both teachers and learners at every step of their journey.” Sadly, they were...

Source

From the U.S. Attorney’s Office, District of Maryland: A Maryland man is facing federal indictment stemming from an unauthorized computer access scheme involving a Maryland medical system. Matthew Bathula, 41, of Clarksville, is charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a...

Source

Caitlyn Rosen reports: A class of Michiganders asserted in a federal lawsuit filed Thursday that a Thomson Reuters search engine wrongfully published their Social Security numbers. In an 11-page lawsuit filed in the U.S. District Court for the Eastern District of Michigan, the class claims Reuters search engines publicly displayed plaintiffs’ social security numbers in...

Source

In memoriam. Ayrton Senna, the greatest Formula One driver of all times, lost to this world on May 1, 1994 in a terrible crash at Imola. In the years following his death, some have matched or exceeded his record, but none of them could hold a candle to him. (Image credit: Getty Images)  

Source

Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although...

Source

Check Point Researchers recently dug into all three versions of VECT’s ransomware. And what they found should concern anyone who discovers they have been locked by it. From their blog post: Ransomware is supposed to be reversible. The attacker locks your files, holds the key, and returns it when you pay. That’s the business model. VECT’s software...

Source

A DataBreaches.net Editorial The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)...

Source

Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that resulted in a data breach affecting about 77,000 customers. “After learning of the breach, Fidelity also failed to notify many impacted residents, including the relatives and minor children...

Source