Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to restore operations and would provide updates as they become available. “Due to a nighttime hostile attack on IT systems, the Ukrposhta application is temporarily malfunctioning,”...

Source

David Stauss of Stauss Law writes: Key point: Our new chart compares the data broker laws of California, Connecticut, Nevada, Oregon, Texas, and Vermont, covering applicability standards, registration and disclosure obligations, consumer rights, and penalties. State data broker laws are proliferating, and they vary widely in scope and structure. Connecticut recently passed a data broker...

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations continued to run normally and were not affected by the incident. […] While Tata Electronics has not disclosed the threat actor’s identity,...

Source

Paige Collings and Jillian C. York write: This week, politicians in the UK pushed forward with plans to eviscerate privacy and free speech on the internet by announcing a ban on social media for users under 16 that is set to take effect in Spring 2027. The UK government continues to falsely characterize this policy as a necessary response...

David E. Rattray reports: A few minutes before 7 in the evening on May 9, 2025, a deputy in the Johnson County, Tex., sheriff’s office sat at a computer seeking information about a missing resident’s car. In the spot where officers were required to give a purpose for their requests, the deputy typed, “had an...

Lauren Rankin writes: New York had the chance to make history in more arenas than basketball this June. Earlier this month, the New York Senate passed the Maternal Health, Dignity and Consent Act, becoming the first legislative chamber in the country to pass legislation that would require informed consent for drug testing of pregnant people. But despite that...

Xsolis, Inc. is a business associate in the healthcare sector, providing utilization and case management services. They describe themselves as applying “industry-leading AI and automation to ensure appropriate care settings and accelerate collaboration across a connected network of providers and payers.” On June 19, California Attorney General’s Office posted a copy of a breach notification...

Source

On April 19, 2026, Cherry Health in Michigan detected suspicious network activity. Investigation revealed that an unknown person or persons had gained access to its network and copied data. On June 18, Cherry Health published a preliminary notice on its website.  The notice makes no mention of any earlier reporting on the incident that had...

Source

This is the kind of cyberattack that can put lives at risk and makes me want to wring some necks if I wasn’t so old and feeble. Demócrata reports: Brazil’s Civil Defense has reported this Saturday that its official alert system has been the target of a cyberattack, an incident that is already being investigated...

Source

June was a challenging month for Novo Nordisk regarding cybersecurity and intellectual property protection. The pharma giant allegedly had some of its data — including intellectual property — stolen by two independent groups of threat actors. Unaware of each other, each group claimed to have acquired a large amount of valuable information. One demanded $25...

Source

Following a major data security incident involving sensitive student and parent information, Global Schools Group sought court injunctions prohibiting the publication of data acquired by FulcrumSec. They obtained the injunctions, but once again, injunctions do not affect threat actors — or at least, not in the way the plaintiffs hoped.  Yesterday, DataBreaches reported that Global...

Source

Another day, another injunction. When DataBreaches read the news headline, our first thought was that this was an injunction sought by Global Schools Group. Our first impression was correct, but it took a reminder from FulcrumSec to realize that it was GSG-connected.  Ananya Iyer  reports: The Bombay High Court issued an interim order restraining the...

Source

IAPP reports: Vermont became the 23rd state to enact a comprehensive state privacy law. Gov. Phil Scott, R-Vt., signed Senate Bill 71, the Vermont Data Privacy and Online Surveillance Act into law 16 June. With Scott’s signature, Vermont becomes the fourth state to pass a comprehensive privacy law this year, joining Alabama, Louisiana and Oklahoma. The law...

Alexandra Posadzki reports: Canadian hacker Aubrey Cottle has pleaded guilty to three charges stemming from a cyberattack linked to notorious hacktivist group Anonymous on the Texas Republican Party. Mr. Cottle, who appeared in court in Newmarket, Ont., on Thursday, pleaded guilty to fraudulently obtaining a computer service, namely the systems of web-hosting company Epik, causing mischief...

Source

Ahmed Humble reports that 41,485 Texans may have had personal and protected health information exposed in a data breach involving a Houston-based Blue Fish Pediatrics. The breach reportedly occurred between July 11 and July 17, 2025, but patients are only first being notified now. The types of information included: Full names Dates of birth Social...

Source

Emily Hill reports: One Medical, the primary care provider acquired by Amazon in 2023, is facing questions after the cybercriminal group ShinyHunters claimed it stole 8.8 terabytes of company data and threatened to publish the information unless negotiations begin by June 22. The allegation remains unverified, and the group has not released any sample data to support...

Source

Zack Whittaker reports: A data breach at a Texas state government department allowed hackers to take the driver’s license information and passport numbers of more than 3 million people, according to the state’s attorney general. The incident is one of the largest data breaches to affect the state this year. In a data breach notice on the Texas...

Source

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) today announced a settlement with Spencer Gifts LLC Flexible Benefits and Welfare Benefit Plans (the Plan), the employer-sponsored group health plan of Spencer Gifts LLC, a national retail company, over potential violations of the Health Insurance Portability and Accountability Act of...

Source

In February 2025, after the Medusa ransomware gang claimed responsibility for an attack on the UK healthcare provider HCRG Care Group, HCRG confirmed it had been breached but would only say it was investigating. While they remained silent, SuspectFile obtained and reported on data provided to them by Medusa. SuspectFiles‘s reporting made it clear that...

Source

In Part 1,  DataBreaches published some totals and aggregate data from the recent Global Schools Group data breach. All analyses and statistics were provided to this site by FulcrumSec, who had attacked Global Schools Group (GSG) and exfiltrated the data. Data from three of GSG’s school brands were included in Part 1. Data for the...

Source