I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
https://databreaches.net/2025/12/09/tell-the-truth-or-someone-will-tell-it-for-you-trumbull-county-ohio-edition/

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/

#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

@zackwhittaker @euroinfosec @campuscodi @JayeLTee

Kaufman County, Texas has been the victim of TWO cyberattacks in October.

The media now reports, "With two events in the same month, questions are now being raised about the overall security of Kaufman County’s computer systems and whether adequate safeguards are in place to prevent future compromises."

Ya think?

There's currently no information that has been disclosed as to whether the two attacks were carried out by the same attackers or if they involved the same means of access. But PII was impacted in the first one, and the second attack has affected county operations by encrypting files.

#databreach #govsec #cybersecurity

According to a new state auditor's report, nearly a third of Mississippi's state agencies fail cybersecurity requirements

Media coverage: https://vicksburgnews.com/shad-whites-office-finds-nearly-a-third-of-state-agencies-fail-cybersecurity-requirements/

Direct link to state report: https://www.osa.ms.gov/sites/default/files/osa/files/reports/252025%20Review%20of%20Mississippi%20Enterprise%20Security%20Program%20Compliance%20%28Cybersecurity%29.pdf

#Audit #cybersecurity #govsec #Mississippi #ComplianceTech

From the Minnesota Star Tribune:

"Secretary of Defense Pete Hegseth considered sending an elite U.S. Army strike force to Portland, Ore., to quell protests that President Donald Trump has characterized as “lawless mayhem,” according to images of messages provided to the Minnesota Star Tribune.

The messages, casually exchanged last weekend in a crowded, public space, show high-level officials in the Trump administration discussing the deployment of the Army’s 82nd Airborne, an infantry division that has been parachuted into combat zones in both world wars, Vietnam and Afghanistan. If the administration were to send in the Army division, it would almost certainly be challenged in court under federal laws limiting how the military can be used domestically."

Read more at https://www.startribune.com/trump-officials-discussed-sending-elite-army-division-to-portland-text-messages-show/601485729

#NatSec #GovSec #IdiotsAbound #infosecurity

Ok, so if anyone needs to raise their blood pressure, consider this:

Remember the Rhysida cyberattack affecting Columbus, where a researcher attempted to refute the city's claims about the severity of the breach, and the city obtained an injunction gagging him, subsequently suing him, etc.?

There was a class action lawsuit against the city over the breach that got dismissed.

Why did the suit get dismissed? Because under state law, the city IT was immune.

So, the whistleblower can be sued by the city for discussing the breach, but the city cannot be sued for its subpar cybersecurity that resulted in the theft of data from 500,000 people.

https://myfox28columbus.com/news/local/judge-throws-out-lawsuit-against-columbus-over-data-breach-ransomware-hack-rhysida-franklin-county-ohio

#govsec #ransom #databreach #cybersecurity #freespeech

In early August, the Pennsylvania Office of the Attorney General was hit by a ransomware attack that left them unable to access archived emails, files, and internal systems crucial to pursuing cases on behalf of the commonwealth.

There was a ransom demand, but the state refused to pay.

Today, INC Ransom added the Office of the Attorney General to its dark web leak site, as per ransomlook[.io]. But the listing doesn't show up on the leak site at this time, so it's not clear whether INC Ransom has actually leaked any data or not at this point.

The state indicated it's still trying to figure out who may need to be notified. They have only notified a few people at this point.

The state's most recent update was on September 17:

https://www.attorneygeneral.gov/taking-action/office-of-attorney-general-provides-update-on-cyber-incident-that-impacted-operations/

#databreach #ransomware #govsec #INCransom #cybersecurity