Stay up-to-date on what is happening with privacy laws, as well as stories about leaks of private information from security breaches in the public and private sector. 360Civic has provided emergency services to individuals, businesses, police organizations and courts in the wake of hacking incidents and ransomware attacks. 

Last updated: April 5, 2024

To Our Friends in the Media

If you are a member of the media and would like more information about any of these stories, or input from our CEO on privacy laws, the danger of privacy hacks, or how online privacy protection works, please contact us at press@360civic.com.

 

Phishing and Ransomware Attacks

Missouri county declares state of emergency amid suspected ransomware attack

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.

Read More

New York City payroll website has been down for a week, following phishing attack

The administration of Mayor Eric Adams took its payroll website partially offline for the last nine days in response to a recent phishing scheme targeting city employees — leaving the city’s roughly 300,000 full time workers with limited access to essential forms as Tax Day nears.

Read More

Here Are the Most Impersonated Brands in Phishing Attacks

It turns out that Microsoft was the most impersonated brand by far, with 68 million phishing emails sent out using its name in 2023 alone. Of these 68 million emails, 20 million talked about an Office 365 subscription because of the fact that this is the sort of thing that could potentially end up making users more likely to click.

Read More

New Twist on Phishing Attack Targets Apple Users With Password Resets

If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users. 

The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs. 

Read More

After years of ransomware attacks, health-care defenses still fail

Federal officials and industry executives have known for years that the U.S. health-care system was one of the critical industries most vulnerable to hacking but failed to make the improvements that might have stopped attacks like the one that has crippled pharmacists and other medical providers for three weeks.

Read More

The state of ransomware: Faster, smarter, and meaner

The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were brought to bear on both sides of the war, promising to make an even bigger impact this year. Ransomware payments hit $1.1 billion in 2023, a record high and twice what they were in 2022. The frequency, scope and volume of attacks were all up, as was the number of independent groups conducting the attacks, according to a report by Chainalysis.

Read More

2024 Marks the Most Active February for Ransomware Attacks in Three Years

In February 2024, global levels of ransomware attacks increased by 46% from January, with a total of 416 cases compared to 285 in the previous month, according to NCC Group's February Threat Pulse. Year-on-year, ransomware attacks continue to rise. Data from February 2024 shows that levels of ransomware attacks were up 73% from 2023 and 124% from 2022, marking a steep upward trajectory of attack volume over the last three years.

Read More

California doctors struggle to make payroll one month after ransomware attack

For a month now Sacramento dermatologist Dr. Margaret Parsons has been unable to submit insurance claims to get paid for services provided. All of her private practice’s claims go through Change Healthcare, the country’s largest network for insurance billing and the subject of a Feb. 21 cyberattack that has yet to be fully resolved. 

Read More

The email phishing scams to look out for in 2024

From emails purporting to be from life insurance providers to those offering “free” subscriptions to streaming sites, every day scammers are trying to steal our cash or ID. And they can be extremely convincing.

Read More

What do cities face when hit by a ransomware attack? Cyber experts explain, as Hamilton issue continues

The attackers look for targets where they can shut down services or steal personal information so they have ample leverage when they demand payment.

Read More

Houser Law Firm Hit With Suits Over May 2023 Ransomware Attack

Commercial and business litigation firm Houser LLP failed to protect the personal information of more than 325,000 people that was exposed in a May 2023 ransomware attack and data breach, two proposed federal class actions said.

Read More

Reports show that phishing attacks have increased by 40% in 2023

Among the pathways most frequently exploited by threat actors were messaging apps, artificial intelligence platforms, social media services, and cryptocurrency exchanges. The trend of increased phishing attacks observed in 2022 persisted in 2023. Notably, the attacks increased by over 40 percent throughout the last year.

Read More

The evolution of phishing: vishing & quishing

In its early stages, phishing attacks were often very simplistic and relied on impersonating reputable sources via written communication, i.e. emails and letters, to gain access to sensitive data, now adversaries have adapted their techniques in the wake of the AI evolution. With the growing popularity of GenAI tools, voice-based phishing attacks - also known as ‘vishing’ - have become the new norm and organizations have to combat this evolution by modernizing their IT security.

Read More

Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed. The attack highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing log in credentials.

Read More

Hackers impersonate U.S. government agencies in BEC attacks

A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes.

Read More

Health care was biggest victim of U.S. ransomware attacks last year

Health care organizations last year reported the most ransomware attacks of the 16 industries identified as critical U.S. infrastructure, according to a new FBI report on internet crime.

Read More

 

Threats Against Judges

Southern California Man Charged With Sending Death Threats to Orange County Judge

Federal prosecutors have secured an indictment against a former Laguna Niguel man accused of threatening to kill an Orange County Superior Court judge who presided over a family law case involving his son. A grand jury delivered a true bill Friday charging Bryom Zuniga Sanchez, 32, with two counts of making threats by interstate and foreign communication. Prosecutors say that, between May 2023 and July 2023, Zuniga sent by email and posted on Instagram multiple death threats to the unnamed judge. He also is accused of threatening police, court staff and others in the courthouse. “I am more committed to murdering you than I am to being present as a father,” Zuniga allegedly wrote to the judge’s former courtroom last July.

Read More

St. Louis judge testifies against man accused of death threat after Daniel Riley verdict

A city judge said Wednesday a threat to kill him and the jurors who convicted 22-year-old Daniel Riley of causing a crash that severed a teenager’s legs was an attempt to influence future judicial proceedings.

Read More

Foiled Assassination Plot Against Justice Kavanaugh Shows How ‘Apocalypse Politics’ Is Putting Judges’ Lives at Risk 

Death threats, harassment, stalking: Are these types of violence against judges becoming the norm? “It’s part and parcel of American politics today,” a civil rights attorney who is a candidate for Fulton County judge, Robert Patillo, tells the Sun.

Read More

S.F. judge in contentious stabbing case moves hearings online following death threats

A judge who issued a suspended prison sentence to a mentally disturbed man who stabbed an elderly Asian American woman has received death threats and is now hearing cases remotely rather than going to the courthouse, the Bar Association of San Francisco said Tuesday.

Read More

 

Privacy Laws

State Consumer Privacy Laws: New Privacy Laws in Texas, Oregon, and Montana Take Effect in 2024

Beginning July 1, 2024, Texas and Oregon will join the growing list of states with active consumer privacy laws, with Montana joining them on October 1. The new laws are similar to existing state data privacy laws in that they grant protections for consumers and impose requirements on companies collecting consumer personal data. While companies whose privacy programs already comply with existing data privacy laws will not have to make significant changes, companies considering data privacy laws for the first time will need to update their privacy policies and develop and implement new processes before July 1 to comply.

Read More

Utah Governor Signs Spate of Privacy Bills into Law

Last week, Utah Governor Spencer J. Cox signed three privacy-related bills into law. The bills are focused on, respectively, protection of motor vehicle consumer data, regulations on social media companies with respect to minors, and access to protected health information by third parties. The Utah legislature appears to be focused on data-related legislation this session, as Governor Cox signed two other bills related to AI into law last week as well.

Read More

The List Grows: Kentucky Lawmakers Close in on Comprehensive Privacy Law

Kentucky may soon join the expanding list of states with comprehensive privacy laws. Kentucky House Bill 15, an act related to Kentucky consumer data privacy (KCDPA), made its way through the Kentucky Senate with a unanimous vote on March 11, 2024. The bill is back with the Kentucky House, which will now have the opportunity to sign off on minor amendments. Pending passage in the House and Governor Andy Beshear’s subsequent signature, regulated entities will have until January 1, 2026, to prepare for the KCDPA to take effect.

Read More

Vermont sets national precedent with unanimous House passage of comprehensive data privacy legislation

The Vermont House of Representatives achieved a historic milestone by unanimously passing H.121, an act relating to enhancing consumer privacy, with a resounding vote of 139 - 0. The Vermont Data Privacy Act champions crucial consumer rights. It gives people the ability for individuals to access, delete, and correct the information that businesses have about them as well as to opt out of the use of personal data for targeted advertising, data sales, and significant automated profiling decisions.

Read More

New Jersey Data Privacy Act: What Companies Should Know About the State’s New Consumer Privacy Law

New Jersey has become the first state to enact a comprehensive consumer privacy law in 2024. The New Jersey Data Privacy Act will take effect January 15, 2025.

Read More

Stay up to date with online privacy best practices and news

Signup for our free IronWall360 newsletter