@argv_minus_one

I'm not sure I understand why people are trying to research what schools use Canvas. ShinyHunters provided a list of all of the schools that were caught up in this attack:

https://databreaches.net/wp-content/uploads/Claimed-Victims-of-Canvas-Cyber-Incident.txt

That list has 8,809 entities listed.

It's not the entire universe of schools that use Canvas, but it's probably an accurate list of the schools that may be affected. A sample list ShinyHunters provided for my earlier report on this incident showed filesizes for: communication_channels.csv.gz, conversation_messages.csv.gz, conversations.csv.gz, and users.csv.gz. There were about 7,780 schools in that sample.

And yeah, hang on to your Tox because Session is closing in July, it seems.

#Instructure #Canvas #ShinyHunters #hackandleak #EduSec #databreach

OK, so it seems that #ShinyHunters breached #Instructure again and replaced login pages with their own message to schools about how to contact them directly.

The Canvas login pages were replaced with the message in the screenshot below.

Canvas subsequently replaced the login with "under maintenance" pages.

#databreach #hackandleak #EduSec #cybersecurity

@funnymonkey Thanks for the kind words.

Someone commented on my Instructure post with a comment as "Sysadmin." They wrote:

"Are you effin kidding me! We got an Email from Instructure saying we were impacted and now we have to inform all the students and families in our district.

Why do these ShinyHunters keep attacking the edtech sector?? PowerSchool, Infinite Campus and now this.

It’s only a Sunday night and law enforcement has still done nothing about these hackers. Regulators really need to hold these companies accountable for poor security practices."

They raise valid points.

#edtech #EduSec #cybersecurity #vendor #supplychain #databreach #hackandleak

The NYS Department of Financial Services announced that they settled charges against Delta Dental Insurance Co. and Delta Dental of New York stemming from the 2023 Clop/MOVEit data breach.

The state's investigation found that Delta had violated NYS cybersecurity regs in a number of ways.

Delta has agreed to pay $2.25 million, none of which can be paid by their insurers and they can accept any reimbursement for the payment from any source.

I wonder how many other MOVEit customers who do business in New York are also dealing with NYSDFS.

https://databreaches.net/2026/05/01/nysdfs-secures-2-25-million-cybersecurity-settlement-with-delta-dental/

#databreach #hackandleak #supplychain #0day #DeltaDental #MOVEit #Clop #NYSDFS

@campuscodi @zackwhittaker

This won't be the end of this controversy, but a California court did not dismiss claims against Bain Capital over the PowerSchool data breach. In considering the timeline and the private equity firm's actions before and after its acquisition of PowerSchool in 2024, the court noted, in part:

"Post-closing, Bain directed PowerSchool to offshore cybersecurity, engineering, and IT functions to contractors, including offshoring required data-management tools that enabled vendors to bypass consent protocols and access protected school district computers directly.

Bain failed to assess data-breach risks from the offshoring it directed.

Post-closing, Bain directed layoffs of at least 5% of PowerSchool’s workforce, including critical domestic IT staff."

Read more from Womble Bond Dickinson at https://www.womblebonddickinson.com/us/insights/alerts/unprecedented-private-equity-firm-potentially-hook-portfolio-companys-data-breach

h/t, JDSupra, The National Law Review

@douglevin @funnymonkey

#EdTech #Liability #negligence #PowerSchool #BainCapital #hackandleak

Unprecedented: Private Equity Firm Potentially on Hook for Portfolio Company’s Data Breach

In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although the case will continue

Womble Bond Dickinson

Another #EdTech vendor has allegedly fallen prey to #ShinyHunters in yet another Salesforce-related hack-and-leak incident.

Follett Software markets Aspen, Destiny, and Classroom Library Manager software to schools.

The threat actors claim to have acquired 4 million records with PII and other corporate files, and have given Follett until May 4 to contact them.

Because this is Salesforce related, there may actually be very little identifiable information about students or personnel in the customer support data, unless district or school personnel gave students' names or details in seeking help with the software or specific problems.

I guess we'll find out soon.

#EduSec #databreach #hackandleak

@douglevin @funnymonkey @mkeierleber

ABC's recent piece on Matthew Lane seems to have confused some people.

ABC had interviewed and recorded Lane, who was convicted for hacking and extorting a telecom and his role in the PowerSchool incident, before he went to prison.

They just first aired the piece this week at https://abcnews.com/US/addicted-hacking-young-hacker-historic-breach-speaks-1st/story?id=131855776, but Lane has actually been in prison since January.
I hear from him fairly regularly.

Much of the media seems to misreport what Lane was charged with and convicted for, as I have reported on my site in a few posts. Read the court records carefully. He was neither charged nor convicted for exfiltrating all the PowerSchool data, yet everyone seems to refer to him as the PowerSchool hacker. As to the ransom that PowerSchool paid, the payment was never found in any wallet or account that Lane owned or had access to. Lane claims that his role was not what the media seems to think it was, but that's why he wasn't charged with some things.

Lane was sentenced to 4 years, but informs me that he will be out in 2027. His sentence has been reduced by his involvement in a program.

And oh --- little note -- Lane and Conor Brian Fitzpatrick ("Pompompurin") are both in Danbury FCI.

#databreach #hackandleak #prison

'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison

ABC News speaks with a young hacker about what experts call a wide-ranging menace: a new generation of tech-savvy teens who are uniquely dangerous and surprisingly young.

ABC News

NEW: A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard

#SilentRansomGroup has leaked data from 38 law firms so far -- and they tell me most law firms do pay them. That means.... (counting on fingers and toes...) they've hit a heckuva lot of law firms.

And I'm beginning to get a feel for how their negotiations go when they fail.

Read about their attack on Wood Smith Henning & Berman at:

https://databreaches.net/2026/04/13/a-silent-threat-loud-consequences-ransom-group-hits-law-firms-hard/

#hackandleak #ransom #cybersec #infosec #databreach

A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard - DataBreaches.Net

When the FBI issued a Private Industry Notice in May 2025 about the Silent Ransom Group (SRG) targeting law firms, they were not exaggerating. The image on the

DataBreaches.Net

Note to ALL:

I am starting to use another hashtag called #HackAndLeak that I hope others will also use to describe incidents where there has been no indication that any #ransomware or #malware was deployed.

It's time we stopped calling most attacks "ransomware" when they are really hack and leak incidents.

If you agree, how about sharing/boosting this idea and hashtag shift?

If you don't agree, tell me why so I can argue with you. :))