Last week, Mediant Communications Inc. (Mediant) settled a class action lawsuit in the U.S. District Court for the Southern District of New York stemming from a 2019 data breach in which hackers accessed 200,000 individuals’ personal information from its proxy investor communication service. Mediant is based in New York and offers mutual funds and real
Hacking
Russian Government Officials Charged with Hacking U.S. Energy Infrastructure
The U.S. Department of Justice (DOJ) unsealed indictments against four Russian government officials on March 24, 2022, alleging that they hacked into networks that controlled energy systems in the U.S.
According to the DOJ, the attacks took place between 2012 and 2018, and included physical damage to infrastructure, as well as embedding malware for later…
FTC Files Suit Against CafePress for “Data Breach Cover Up”
The Federal Trade Commission (FTC) issued a press release on March 15, 2022, stating that it was taking action against CafePress “over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach” by filing a complaint against Residual Pumpkin Entity, LLC formerly d/b/a/ CafePress and PlanetArt, LLC d/b/a CafePress.…
CISA Warns “Every Organization” in U.S. to Assess + Respond to Cyber Risks
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over Ukraine.
According to the CISA Insights publication entitled “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats,” “public and private entities in…
EyeMed Settles with NY AG for $600,000 Over 2020 Data Breach
EyeMed Vision Care, LLC, was the victim of a hacking incident in 2020 that compromised the personal information of 2.1 million consumers, including their names, addresses, Social Security numbers, member numbers of health and vision insurance accounts, diagnoses, and treatment information. According to the New York Attorney General’s office, 98,632 of those individuals were state…
Passwords Used by Iranian-Backed Hackers Against Defense Contractors
When you are educating your employees about the importance of maintaining a complex password or passphrase, share this story to show why it is so important and to emphasize not to use same or similar passphrases across multiple platforms. It is not just a matter of getting into the company’s systems, but also one of…
Privacy Tip #303 – Russian Hacking Group Targets Gmail Users
If you think the Russians are only targeting U.S. companies and the defense industry, think again. The cyber war between Russia and the U.S. has escalated since the President threw down the gauntlet on Putin, and the retaliation is to attack Gmail users in the U.S. Yes, Gmail users are part of the war.
According…
Privacy Tip #299 – Creepy SpyFone Banned by FTC
In a second case against stalkerware apps and the first where the FTC has banned a company from doing business, the FTC announced on September 1, 2021, that it has “banned SpyFone and its CEO…from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone…
Privacy Tip #297 – Vulnerability in Smart Home Devices Including Baby Monitors
Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web cameras. The protocol was created by Taiwanese Internet of Things vendor ThroughTek, and is incorporated in as many as…
Cryptoheister(s) Return Stolen Booty
Cryptocurrency platform Poly Network, which allows users to swap different types of digital tokens, was the victim of a cryptoheist that resulted in the thief (allegedly just one hacker) to swipe over $600 million of currency. The incident has been dubbed the largest theft of cryptocurrency to date.
The story reads like the beginning of…