Blogger/journalist at databreaches.net and pogowasright.org. As a retired healthcare professional, breaches in the healthcare sector are my priority.
The header pic is Indy, a Siberian husky we rescued in 2016 after I read how nobody wanted her because she was so difficult. She is now living her best life and is a mushball with me. My avatar is her co-conspirator, Senna. We rescued him from the town shelter in 2018. He is named for the #F1 #GOAT.
| #DataBreaches | https://www.databreaches.net |
| #Privacy | https://www.pogowasright.org |
| Have a news tip? | Signal: +1-516-776-7756 |
| Breaches@DataBreaches.net | |
| Breaches@protonmail.ch | |
| Pronouns | She/Her |
NEW by me:
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Defense counsel for Hankins & Sohn claims that the attack they experienced in February 2023 was "unforeseeable." Was it really?
#HealthSec #databreach #extortion #HIPAA #cybersecurity #infosecurity #phishing
Exclusive: Gunra claims to have stolen 20TB of information from the liquor company Varela Hermanos, demanded a $7 million ransom, which the company refused to pay.
more details:
https://www.security-chu.com/2025/06/gunra-filtra-los-datos-de-Varela-Hermanos-Dark-Web.html
#ransomware #gunra #cyberattack #Cybersecurity #Panama #LATAM #ciberseguridad #noticias #news
#infosec
Attribution is hard, Thursday edition...
NEW by me: A guilty plea in the PowerSchool case still leaves unanswered questions
#PowerSchool #hack #extortion #attribution #transparency #incidentresponse
Help, please:
If anyone has a copy of the ransom note sent to PowerSchool in December 2024 or PowerSchool clients in May 2025, please email me a copy or upload it to me on Signal. I want to see not only the body, but the full header and signature.
PowerSchool has not been transparent about the extortion aspects of the incident and has not responded to inquiries.
To reach me on Signal, my number is +1 516-776-7756. Email: breaches@databreaches[.]net
Trump Rewrites Cybersecurity Policy in Executive Order:
https://www.databreachtoday.com/trump-rewrites-cybersecurity-policy-in-executive-order-a-28617
#cybersecurity #executiveorder
Direct link: Executive Order: https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144/
Related: White House Fact Sheet:
https://www.whitehouse.gov/fact-sheets/2025/06/fact-sheet-president-donald-j-trump-reprioritizes-cybersecurity-efforts-to-protect-america/
ICE takes steps to deport the Australian hacker known as "DR32"
https://databreaches.net/2025/06/08/ice-takes-steps-to-deport-the-australian-hacker-known-as-dr32/
Bruce Schneier testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.”
"I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it into AIs."
His written testimony is at https://oversight.house.gov/wp-content/uploads/2025/06/Schneier-Written-Testimony.pdf
The YouTube video of the hearing is at https://www.youtube.com/watch?v=wKkk-uWi7HM (his opening statement is at around 1:14:40). He really rips into DOGE and the harm they have already done each and every one of us because security protections were bypassed.
Of course, the hearing became politicized, but I wish more people would consider his testimony.
Jackson Health System has disclosed another insider-wrongdoing breach. This one affected about 2000 patients. The employee's motivation was reportedly related to boosting their personal healthcare business.
In their notice, JHS tries to portray themself as a victim. That didn't go over too well with me, as this is not the first time they have had a long-running insider wrongdoing breach.
In 2019, they settled HHS OCR charges after three breaches -- one of which involved insider wrongdoing over 5 years that affected 24k patients. There was no corrective action plan as part of the settlement. Perhaps there should have been?
#databreach #healthsec #insiderthreat #HIPAA #SecurityRule #insiderwrongdoing
Germany fines Vodafone $51 million for privacy, security breaches:
Chum1ng0 - Security Research 
Doug Levin
