Axios: 23andMe changes terms of service to prevent lawsuits after data breach. “Days after a data breach allowed hackers to steal 6.9 million 23andMe users’ personal details, the genetic testing company changed its terms of service to prevent customers from suing the firm or pursuing class-action lawsuits against it.”
TechCrunch: 23andMe confirms hackers stole ancestry data on 6.9 million users. “On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access ‘a significant number of files containing profile information about other users’ ancestry.’ But 23andMe would not say how many ‘other users’ were impacted by the breach that the company initially disclosed in early October. As it turns out, there were a lot of ‘other users’ who were victims of this data breach: 6.9 million affected individuals in total.”
OCCRP: Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports. “Europe’s commercial ports are top entry points for cocaine flooding in at record rates. The work of a Dutch hacker, who was hired by drug traffickers to penetrate port IT networks, reveals how this type of smuggling has become easier than ever.”
TechCrunch: 23andMe says hackers accessed ‘significant number’ of files about users’ ancestry. “In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent annual earnings report, 23andMe has ‘more than 14 million customers worldwide,’ which means 0.1% is around 14,000.”
Bloomberg: Okta Says Hackers Stole Data for All Customer Support Users. “Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.”
Gothamist: 4M NYers’ data and medical records were exposed in a breach. Here’s how to protect against ID theft.. “At least 4 million New Yorkers’ private information could be at risk of identity theft after a data breach at a medical transcription company that works with hospitals in New York, state Attorney General Letitia James said Tuesday. The company, Nevada-based Perry Johnson & Associates, works with Northwell Health, which has hospitals and clinics across the five boroughs and Long Island, as well as Crouse Health in Syracuse. About 9 million patients nationwide are affected by the breach, according to the attorney general’s office.”
Engadget: Basically all of Maine had data stolen by a ransomware gang. “The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals, which basically make up the state’s whole population.”
How-To Geek: CCleaner Got Hacked, Exposing Emails, Addresses, and More . “The incredibly popular maintenance and optimization tool for Windows, CCleaner, recently confirmed a data breach that exposed loads of user data on its paid customers. The breach was reportedly caused by the MOVEit hack back in May.”
Bloomberg: SEC Probes Twitter Security Lapse Before Elon Musk Took Over. “The Securities and Exchange Commission is investigating how Twitter Inc. managed a 2018 security lapse that exposed personal user information… The agency has been scrutinizing whether the former top executives failed to adequately disclose those privacy issues to shareholders or put in place proper controls, according to people familiar with the matter who asked not to be identified discussing a confidential investigation.”
Ars Technica: 23andMe says private user data is up for sale after being scraped. “Genetic profiling service 23andMe has commenced an investigation after private user data was scraped off its website. Friday’s confirmation comes five days after an unknown entity took to an online crime forum to advertise the sale of private information for millions of 23andMe users.”
Reuters: War Crimes Tribunal ICC Says It Has Been Hacked. “The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world’s most high-profile international institutions and one that handles highly sensitive information about war crimes.”
The Register: Save the Children feared hit by ransomware, 7TB stolen . “As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.”
Bleeping Computer: Freecycle confirms massive data breach impacting 7 million users. “Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. The nonprofit organization says it discovered the breach on Wednesday, weeks after a threat actor put the stolen data for sale on a hacking forum on May 30, warning affected people to switch passwords immediately.”
The Street: FTX victims’ face doxxing threat after sensitive data taken by hackers. “Kroll, the firm managing customer data of FTX collapse victims, was hit by a data breach this month that resulted in customer data being stolen. The company was struck by ‘a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case,’ FTX said. However, Kroll announced that hackers also stole sensitive data in the hack.”
Engadget: Hack left majority of UK voters’ data exposed for over a year. “The UK’s Electoral Commission has revealed that some personal information of around 40 million voters was left exposed for over a year. The agency — which regulates party and election finance and elections in the country — said it was the target of a ‘complex cyberattack.’ It first detected suspicious activity on its network in October 2022, but said the intruders first gained access to its systems in August 2021.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.