Stay up-to-date on what is happening with privacy laws, as well as stories about leaks of private information from security breaches in the public and private sector. 360Civic has provided emergency services to individuals, businesses, police organizations and courts in the wake of hacking incidents and ransomware attacks.
Last updated: September 15, 2023
To Our Friends in the Media
If you are a member of the media and would like more information about any of these stories, or input from our CEO on privacy laws, the danger of privacy hacks, or how online privacy protection works, please contact us at privacy@ironwall360.com.
Privacy Hacks
2 Casino Ransomware Attacks: Caesars Paid, MGM Did Not
Caesars determined a week ago that the hacker acquired a copy of the Caesars Rewards loyalty program database, “which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.” Caesars says there is no evidence to date that any member passwords, bank account information, or payment card information were stolen. The Wall Street Journal reported that Caesars paid a $30 million ransom.
Greater Manchester Police officers’ data exposed in ransomware attack
The personal details of an unknown number of Greater Manchester Police (GMP) officers have been exposed after a third-party supplier was targeted in a cyberattack. The GMP data breach comes just a couple of weeks after the Metropolitan Police Service (MPS) said it was investigating a possible data breach following "unauthorised access" to the systems of one of its suppliers. In the same month, the Norfolk and Suffolk police constabularies disclosed the accidental exposure of personal data belonging to more than 1,000 individuals, including victims of crime.
Contending with Artificially Intelligent Ransomware
Ransomware attacks have profoundly reshaped the landscape of cybercrime over the past decade, eclipsing even traditional bank robberies in scale and impact. With time, ransomware has evolved from simple technical breaches to multifaceted business enterprises encompassing evasion tactics, business analytics, segregation of duties and money laundering. Today, data encryption is giving way to data exfiltration and blackmail. Threat actors are becoming much better at stolen data analysis and blackmail, making businesses compromise their ethics to pay the ransom.
Report: 80% of IT Professionals Expect to Increase Spending to Support Ransomware Payments
Ransomware continues to plague corporations, as according to a new survey, 65% of IT professionals say ransomware is one of their organization’s biggest survival threats — and for 13% of organizations, it’s the single biggest threat.
Contractor delayed disclosure of hack that exposed Oregon Health Plan members
More than 1.7 million members of the Oregon Health Plan whose personal data was stolen by hackers were left in the dark for six weeks by the obscure technology firm in charge of the data, despite repeated pleas from state health officials that it speed up disclosure.
San Diego School District Notified Students, Teachers of Data Breach 8 Months After Hack, Complaint Alleges
San Diego Unified School District officials reported that the personal data of tens of thousands of students and teachers was compromised in a data breach about eight months after the incident, according to a lawsuit filed Monday.
Ransomware attacks broke records in July
In a new report released by NCC Group's Global Threat Intelligence team, analysts observed a record number of ransomware-related cyberattacks last month, with 502 major incidents tracked. According to the researchers, this represents a 154% increase year-on-year, compared to 198 attacks traced in July 2022.
Phishing Attacks
Ransomware access broker steals accounts via Microsoft Teams phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
Facebook Messenger accounts targeted in phishing campaign; 240K Social Security numbers exposed in healthcare breach
Bienville Orthopaedic Specialists disclosed to the Attorney General of Maine that it experienced a data breach. The Mississippi-based provider found unauthorized individuals were able to access patients’ names, medical information, passwords and financial account information. At least 240,000 patients had their Social Security numbers exposed in the incident as well.
Phishing Attack on Cloud Provider With Fortune 500 Clients Led to $15M Crypto Theft From Fortress Trust
When Fortress Trust disclosed a theft of customers’ cryptocurrency last week – later revealed to total close to $15 million – it pinned the blame on an unnamed third-party vendor. CoinDesk has identified that vendor, which has acknowledged it fell victim to a phishing attack.
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks.
The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid.
Millions of Duolingo users at risk from targeted phishing attacks — see if you're affected
Learning a new language can be difficult, which is why Duolingo has grown into such a popular service that boasts more than 74 million monthly users worldwide. However, 2.6 million of those Duolingo users are now at risk of targeted phishing attacks, after hackers leaked their personal information online.
Phishing Bait: The AI-Fueled Social Engineering Tactics Plaguing SMEs
Whether we are rushed or just absent-minded, unsuspecting or erroneously confident, hackers prey upon our lapses in judgment when engaging in phishing campaigns. And it works—over 90% of cyberattacks begin with phishing attempts. But cybercriminals are still working hard to increase the chances of their success, and with the advantages of ever-advancing AI technology, that is becoming even easier for them.
Threats Against Judges
Threat Against Lee County Judge
On Monday, August 14, 2023, the Lee County Sheriff’s Office was made aware of a threat alleged to have been made to Lee County Judge Frank Malinak III.
Prosecutors and judge involved in Trump indictments see number of threats
The U.S. Marshals Service says that threats against federal judges have spiked 400% in the past six years, to more than 3,700 in 2022. Threats to FBI agents and Justice Department officials have increased significantly since the raid at Mar-a-Lago, where hundreds of classified documents were discovered in Trump's possession.
Police probing threat against Terre Haute city court judge
Terre Haute police continue an investigation into threats against the city court judge Monday that caused a brief lockdown at City Hall. Police said City Hall employees about 11:45 a.m. Monday received multiple anonymous phone calls from an individual threatening violence toward the Terre Haute City Court judge.
Judge Faces Death Threats, Jurors Doxxed Amid Multiple Trump Indictments
The Fulton County Sheriff’s Office announced Thursday it is investigating the threats against members of the grand jury that indicted former President Donald Trump. The office said in a statement that it takes the matter “very seriously” and is coordinating with local, state and federal agencies to track the posts.
Threats against public officials on the rise as 2024 nears
New data suggests threats against public officials are on the rise, and experts say they’re concerned the trends will only continue to worsen. With 2024 rapidly nearing — where an already-heated presidential election is set to be coupled with multiple trials of former President Trump, who is also a candidate — the risk of menacing talk escalating into action could increase due to inflamed political rhetoric and increased media coverage, they said.
Privacy Laws
State Comprehensive Privacy Laws – The “First State” Officially Becomes the Thirteenth State with a Comprehensive Data Privacy Law
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023 joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law takes effect on January 1, 2025.
The latest US state to consider data privacy law with no right of action: Pennsylvania
The quilt of consumer privacy laws in the United States continues to unfold. This week, lawmakers for the state of Pennsylvania started discussions on their proposed Consumer Data Privacy Act. House Bill 1201 would let residents opt out of their data processed.
CT Supreme Court says some records at mental health facilities are exempt from medical privacy laws
A divided state Supreme Court ruled for the Hartford Courant Tuesday in a public records case, concluding that reports of police investigations in state mental health hospitals typically are not protected medical records because they are not related to patient diagnoses or treatment.
California Looks to Amend Data Broker Law
The state of California is on the verge of amending its current data broker law with Senate Bill 362, also known as the Delete Act (“the Act”). The Act passed in the Assembly’s Committee on Privacy and Consumer Protection and has currently been referred to the Assembly’s Committee on Appropriations. If passed into law, the Act would build on the compliance obligations that entities designated as “data brokers” are required to follow under both California’s data broker law and the California Privacy Rights Act (CPRA).