Electronic Arts has acknowledged that a threat actor has breached the gaming giant and has posted a huge swath of gaming and corporate data for sale on the publicly accessible leak site RaidForums. The ad claims to have 780GB of data.
A small U.S. nuclear weapons contractor has confirmed that it suffered a ransomware attack, resulting in the theft of data. Credit for the attack has been taken by the ransomware-as-a-service operation known as REvil, aka Sodinokibi, which the FBI recently tied to the attack against meatpacking giant JBS.
The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choices many healthcare entities face in the wake of cyberattacks.
The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia. Experts say a prolonged outage could have a noticeable impact on the global supply of meat. The company has yet to disclose if the attack involved ransomware.
Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports. U.K. authorities say that breach reporting to regulators and law enforcement agencies remains relatively steady.
A data security incident involving a Canada-based insurer that provides comprehensive health coverage to students studying abroad shines a light on complex international regulatory issues companies can face in the wake of a data breach.
After a ransomware incident, Colonial Pipeline Co. has restored smaller pipelines that ship fuels to the U.S. East Coast, but its larger ones are still offline as it assesses safety. Citing U.S. officials, The Associated Press reports the company was infected by the DarkSide ransomware group.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million to $15 million bite out of its second-quarter revenue.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.