Security News

The Office of the Washington State Auditor on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance service, which allows organizations to share sensitive documents with users outside their organization securely.

Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. The Office of the Washington State Auditor states that they suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.

Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a cybersecurity breach. Since employees were already logged into the CRM system, the attackers were able to access the CRM with the employee credentials and access wireless customer accounts and phone numbers.

Threat intelligence platform provider HackNotice has analyzed more than 60,000 breach reports over the last three years, and finds some disturbing results including the rate of increase in breaches and a relative decline in the number of official breach notifications. Leak reports containing data from a breached company as disclosed by hackers.

Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. In a data breach notification filed with the Vermont attorney general's office, USCellular states that retail store's employees were scammed into downloading software onto a computer.

The Woodland Trust, a peaceful British charity that looks after trees, was struck by a "Cyber attack" before Christmas. Members of the trust, which says it has planted 43 million trees since its foundation in 1972, were informed last night of what was inevitably described as a "Sophisticated, high level cyber-incident."

Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules. The Norwegian data privacy watchdog said Tuesday that it notified Grindr LLC of its draft decision to issue a fine for 100 million Norwegian krone, equal to 10% of the U.S. company's global revenue.

Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. "Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said.

The Australian Securities and Investments Commission on Monday disclosed a security incident that involved Accellion software. An independent commission of the Australian government, ASIC is the national corporate regulator, overseeing enterprise and financial services and also tasked with the enforcement of laws designed to protect consumers, creditors, and investors in Australia.

I think this is the largest data breach of all time: 220 million people. EDITED TO ADD: I seem to be conflating two stories, one current and one from last year.