information

Russian Citizen Accused of Masterminding Medibank Ransomware Attack Faces US Sanctions

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients. The breach is believed to have impacted several high-profile Medibank customers, including senior Australian government lawmakers. The U.S. Treasury Department sanctioned Ermakov shortly after the Australian government imposed first-of-its-kind sanctions against the Russian national. According to the U.S. Treasury, REvil ransomware has been deployed on approximately 175,000 computers worldwide, garnering at least $200 million in ransom payments. The FSB’s surprise operation came just months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang due to his alleged role in the Kaseya attack.

LoanDepot reports massive data breach, leaving 16.6 million customers’ sensitive personal details compromised in cyber assault.

About 16.6 million LoanDepot customers had their “sensitive personal information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as ransomware. The loan company said in a filing with federal regulators on Monday that it would notify the affected customers of the data breach. LoanDepot did not say what kind of sensitive and personal customer data was stolen. When reached by email, LoanDepot spokesperson Jonathan Fine declined to tell TechCrunch what specific types of customer data were taken. LoanDepot said it has “not yet determined” whether the cybersecurity incident will materially impact the company’s financial condition.

Microsoft’s Inner Secrets Unveiled by Impudent Hackers

Hackers breached Microsoft to find out what Microsoft knows about them. On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” Curiously, the hackers didn’t go after customer data or the traditional corporate information they may have normally gone after. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company. “The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure. According to Microsoft, the hackers used a “password spray attack” — essentially brute forcing — against a legacy account, then used that account’s permissions “to access a very small percentage of Microsoft corporate email accounts.” Microsoft did not disclose how many email accounts were breached, nor exactly what information the hackers accessed or stole. Microsoft took advantage of news of this hack to talk about how it is going to move forward to make itself more secure.

“Unveiling Rypplzz: A $3 Million Seed Deck for Your Inspiration”

This week, we’re taking a look at a pitch deck from Rypplzz (pronounced “ripples”), a spatial technology startup that recently raised $3 million. As a rule, a pitch deck should never exceed 20MB because many email servers don’t like big attachments. While this slide explains what the product is and its capabilities, it falls short of being a comprehensive product slide. Enhancing a product slide with these details can elevate the pitch and make it more compelling. In the rest of this teardown, we’ll take a look at three things Rypplzz could have improved or done differently, along with its full pitch deck!

Cyber Breach: Customer Information Compromised in Phishing Attack Targeting Accounting Partner, Reports Framework

U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external accounting partner, fell victim to a social engineering attack that allowed malicious hackers to obtain customers’ personal information related to outstanding balances for Framework purchases. Framework told affected customers that hackers could use this stolen information to impersonate Framework to ask for payment information. The Silicon Valley-based accounting company, which primarily provides interim financial leadership and back-office support to startups, has almost 300 clients, according to its website. Framework said that in light of the incident at Keating, the company will require mandatory phishing and social engineering attack training for any of the company’s employees who have access to Framework customers’ information.

“Diem: Empowering Women and Non-Binary Individuals through Social Search”

A startup called Diem wants to tackle the problem of “search engine gender bias,” where results can produce default male information, making many women feel unsatisfied by the answers they receive to taboo or personal questions online. Diem also recently partnered with verified content providers so users can get information from trusted sources. The first four companies are experts in the reproductive health space, including hormone health startup Aavia, sexual telehealth clinic Hey Jane, vaginal health startup Evvy, and female health brand Stix. In the future, users will be able to nominate community members who already have a Diem account. Six spaces are available, run by community members and inspired by popular posts on the platform.

Bosch’s Vision: Unlocking the Potential of In-Car Eye-Tracking Beyond Safety

Eye-tracking tech has been making its way into cars for years as a safety feature, especially with the rise of driver assistance software. Now, Bosch thinks the tech could offer some other benefits – and it’s showing off two ideas this week at CES 2024 in Las Vegas. The first scenario is pretty straightforward (and very European): You’re driving home and the car recognizes that you’re looking pretty drowsy. The other is far more complicated: Eye-tracking tech could be used during your drive to figure out what points of interest you’re looking at, and the car could offer contextual information. Since Bosch is merely a supplier here, it’s up to the automakers to decide if – and more importantly, how – it wants to implement these ideas.

Data Breach Hits Law Firm Specializing in Data Breach Cases

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 data breach victims from a file share on its network during an intrusion in March 2023. Orrick also said it notified health insurance company MultiPlan, behavioral health giant Beacon Health Options (now known as Carelon) and the U.S. Small Business Administration that their data was also compromised in Orrick’s data breach. The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details. The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.

2023’s Continued Mishandling of Data Breaches: The Never-Ending Cycle

Here we go again: 2023’s badly handled data breaches. Delays, silence and unanswered questions follow these organizations into the new year. Last year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Samsung won’t say how many customers hit by year-long data breach. Samsung has once again made it onto our badly handled breaches list. Lyca Mobile later admitted a data breach, in which unnamed attackers had accessed “at least some of the personal information held in our system” during the hack. Data leaked by the gang, and reviewed by TechCrunch, included the personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, passport scans and bank account information.

“9 Gift Ideas to Avoid Giving Your Loved Ones this Holiday Season: Tech Edition”

But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions. Location data is some of the most sensitive data belonging to a person; location can determine where someone was at a particular time, which can be highly revealing and invasive. Even one of the better-known family tracking apps, Life360, was caught selling the precise location data of its users to data brokers. There’s no reason why you shouldn’t discuss the benefits and pitfalls of tracking your kids with your kids. And this year, another smart sex-toy maker exposed the user and location data of its customers thanks to its leaky servers, which the company has yet to fix.