Security News

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.

The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Medibank is a large health insurance provider in Australia that suffered a ransomware attack in October 2022, causing operational and business disruption.

The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Following a lengthy investigation, the Australian authorities identified Ermakov as the person responsible for the Medibank hack and data theft.

Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. Today, after confirming that millions of people had their data stolen, the company said it would notify individuals impacted by this data breach, providing them with free credit monitoring and identity protection services.

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a...

23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA.".

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. As reported by BleepingComputer, ParkMobile disclosed a massive data breach in 2021 that exposed the stolen data for 21 million customers.

Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets.

Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial. LoanCare is a sub-servicing and interim sub-servicing provider and a significant player in the mortgage servicing sector, handling approximately $390 billion in balances from 1.2 million loans.