This week: Johnson Controls suffers a ransomware attack, the Philippine state health insurance program struggles to recover from a ransomware and Air Canada reports a cyberattack. Also: an APT group uses the American Red Cross as bait and new malware targets would-be users of Bitwarden.
The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.
This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.
This week, ISMG editors covered the hot topics at ISMG's London Cybersecurity Summit 2023, including the technical landscape of AI, executive liability, incident response strategies in the face of a global ransomware attack and how to build personal resilience to avoid burnout.
The list of healthcare entities affected by MOVEit file transfer hacks continues to grow. Nuance Communications acknowledged that hackers had stolen data belonging to 14 of its clients, all North Carolina medical providers. Hackers may have obtained diagnostic information including imaging reports.
This week, exiled Russian journalist Galina Timchenko's iPhone was found to contain NSO Group's Pegasus spyware, a Russian businessman was sentenced for insider trading, more than 300,000 people were affected by an attack on See Tickets and period-tracking apps raised privacy concerns in the U.K.
Hackers stole the personal details of thousands of police officers and staff in a ransomware attack that swept up one of the United Kingdom's largest law enforcement agencies. The Greater Manchester Police on Thursday described the attack as targeting a third-party supplier of various organizations.
Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.
This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware attack.
The new U.S. reporting requirements will force publicly traded companies in industries outside of financial services with fewer regulations to improve their security practices. Snyk CEO Peter McKay advised public companies in possession of credit card numbers or other PII to level up.
This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
SailPoint has agreed to buy U.K.-based privileged access management vendor Osirium for $8.3 million to better protect privileged and non-privileged identities on a single platform. The deal will allow Osirium to benefit from SailPoint's increased scale and enhanced sector and regional capabilities.
London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained "unauthorized access to the IT system" of one of its suppliers.
Ransomware and data exfiltration attacks continue to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one. Rackspace was hit by the Play ransomware group last year.
Two financial services giants hit by the mass attack on MOVEit file-sharing software - Prudential and Schwab - are the latest victims to face lawsuits from affected individuals. The suit filed against Prudential seeks 10 years of prepaid identity theft monitoring services instead of the usual two.