NEW by me:

Two Data Breaches Didn't Sink Novo Nordisk's Stock. Why Not?

So often, we see stock prices take a dip after a breach is disclosed. In this case, there were TWO breaches, yet the stock price didn't take any real dip, however short-lived. Either that's really unusual or breaches are starting to have less impact on stock prices, even in the short term.

If the latter, threat actors may stop trying to threaten targets that their investors will care.

https://databreaches.net/2026/06/21/two-data-breaches-didnt-sink-novo-nordisks-stock-why-not/

#databreach #novoNordisk #infosec #hackandleak #intellectualproperty

NEW by me:

While digging into the High Court of Bombay injunction sought by Global Schools Group (GSG) against FulcrumSec that I reported yesterday, I discovered a second injunction filed by a Singapore court.

Two injunctions in two countries in 24 hours.

Each one was worded somewhat differently and listed different defendants or respondents.

As an odd note: it appears that GSG's law firm may have forgotten to send FulcrumSec the Bombay court injunction of June 12 until after I reported on it yesterday. FulcrumSec had received the Singapore injunction on June 13, but knew nothing about any other injunction until I asked them about it yesterday. Less than 24 hours after I published about the Bombay injunction, the law firm sent it to FulcrumSec along with the attached files that the threat actors have now shared with me.

But what did these injunctions actually accomplish? Read my new post:

Global Schools Group Obtained Two Court Injunctions That Didn’t Seem to Change Much—and Might Backfire

https://databreaches.net/2026/06/20/global-schools-group-obtained-two-court-injunctions-that-didnt-seem-to-change-much-and-might-backfire/

@zackwhittaker @campuscodi @amvinfe

#FulcrumSec #GlobalSchoolsGroup #GIIS #injunction #databreach #hackandleak #extortion #chillingeffects #pressfreedom #legalthreats #censorship

I asked FulcrumSec if they would give me a breakdown of the Global Schools Group (GSG) data breach by school brand and campus. They did. The breakdown also includes by country, as GSG has schools in 10 countries.

I've published the aggregate totals and individual school brand data in a two-part article:

https://databreaches.net/2026/06/18/data-analysis-of-the-global-schools-group-breach-part-1/

https://databreaches.net/2026/06/18/data-analysis-of-the-global-schools-group-breach-part-2/

#FulcrumSec #databreach #hackandleak #extortion #GlobalSchoolsGroup #GSG #GIIS

NEW by me:

One threat actor demanded $50 million from Novo Nordisk. Another one demanded $25 million. Neither got paid.

Two different groups tried to extort Novo Nordisk at around the same time. Novo Nordisk strung them both along, and then went dark.

Data leaks followed.

https://databreaches.net/2026/06/16/one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid/

#NovoNordisk #FulcrumSec #TheUSERS007 #hackandleak #extortion #AI #databreach #infosec #cybersecurity

@campuscodi @euroinfosec @jgreig @lorenzofb @ajvicens @amvinfe

NEW by me:

Another detail emerges about Instructure's agreement with ShinyHunters; Debate continues about whether to pay:

https://databreaches.net/2026/05/16/another-detail-emerges-about-instructures-agreement-with-shinyhunters-debate-continues-about-whether-to-pay/

Cybersecurity experts make claims about ShinyHunters to journalists, but where is the evidence to support their claims? Journalists shouldn't just quote experts -- ask them the basis for their claims. How much evidence do they actually have to support their assertions?

#hackandleak #databreach #Instructure #ShinyHunters #ransom #journalism

@amvinfe @masek @euroinfosec

@brianhonan There doesn't seem to have been any 2025 report for U.S., but in the 2026 U.S. focus based on a survey of 1000 small U.S. businesses, they have data on encryption incidents and report that of those that paid the extortion demand:

-- only 50% recovered all their data;
-- 27% were attacked again; and
-- ransomware victims paid a ransom an average of 2.24 times to recover.

Unfortunately, they don't report what percent have data leaked anyway in U.S. encryption incidents where victims pay, and they don't have any data on non-encryption #hackandleak incidents in the U.S. when small businesses are paying just to not leak data. The outcome may be the same as IE, but I wouldn't assume that.

I'll email them to inquire, but I suspect if they had that data, they would have reported it.

Thanks again for sharing that helpful resource.

https://www.hiscox.com/documents/Hiscox-Cyber-Readiness-Report-2026.pdf

@masek @amvinfe @euroinfosec

@masek If the sole reason for paying is to reduce harm to the company or entity, then I tend to agree with you.

But let's look at the Instructure situation. It was a #hackandleak situation with data that is not particularly valuable, so why pay, right?

But then the attackers escalated and disrupted Finals week for tens of thousands of schools and millions of students.

And if Instructure hadn't paid, would ShinyHunters keep attacking them and disrupting their ability to provide the software schools rely on? My bet is that they would have.

When Instructure paid, I viewed it as them paying to stop the attacks more than to (just) allegedly delete data.

And that was not to reduce harm to the business, although Lord knows, their reputation was taking quite a hit, but paying reduced the disruption and harm to the students and teachers and schools.

And I'm okay with that. Does the payment reward criminals and make more crime more likely? Maybe. But even if the answer is "definitely," the company had a duty to mitigate harm to those who entrusted them with their data. And if that means paying, then their first duty is still to the ultimate victims and not to other companies.

I feel even more strongly when the target is a healthcare entity and patient services are delayed, or emergency services are diverted elsewhere.

I know, I know.... some people probably hate me for this opinion. To those who disagree with me strongly:

Change my mind. And show me some actual data about how often some gangs do or do not keep their word.

@amvinfe @euroinfosec

RE: https://infosec.exchange/@amvinfe/116567370386921171

I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious. Great thanks to @amvinfe for asking me to articulate my views. #incidentresponse #mitigation #responsibility #ethics