Data Breaches

On May 23, the North Shore University Sleep Disorders Center in New York notified HHS that 13,332 patients were affected by a breach that it coded as “Unauthorized Access/Disclosure” of data located “Other.” While the number affected might not seem unusually disturbing in this day and age of big breaches, the circumstances of the breach…

When a ransomware gang names one target but links to another target or posts a description of a different target, journalists and researchers may understandably be left wondering who was attacked. If the threat actors have posted proof of claims, it may be possible to figure out who the target was, but with no proof…

Adan Khan reports: A suspected cyber attack has targeted the website of the Rajkot Municipal Corporation (RMC), triggering concerns over the possible theft of sensitive civic data. The breach came to light recently, sparking fear among residents, as officials suspect that over 400 GB of data may have been compromised. According to sources, the stolen…

Charlotte Lee reports: Taiwan’s second-largest crypto platform BitoPro suffered a cyberattack on May 8, losing an estimated NT$345 million (US$11.5 million), blockchain analyst ZachXBT revealed Monday. The Financial Supervisory Commission’s Securities and Futures Bureau confirmed the security breach and announced that BitoPro will be required to issue an official public statement regarding the incident, CTEE reported. Operator…

The InterLock ransomware leak site recently added Texas Digestive Specialists to its listings, claiming to have exfiltrated (and leaked) 263 GB of data consisting of 16,920 folders with 215,245 files. Finding no indication of anything amiss or any breach disclosure on the medical group’s website, DataBreaches sampled selectively from the data tranche. We noticed evidence…

Leader of Online Swatting Ring Admits to Targeting over 75 Public Officials, Four Religious Institutions, and Multiple Journalists in Nationwide Bomb Threat Spree June 2, 2025. Thomasz Szabo, also known as Plank, Jonah, and Cypher, 26, of Romania, pleaded guilty today to being the leader of a years-long conspiracy that targeted victims across the United…

Hunton Andrews Kurth writes: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions. Key requirements,…

Daryna Antoniuk reports: A little-known hacking group has emerged as a major threat to Russian state institutions and critical industries, carrying out attacks aimed at causing maximum disruption and extracting financial gain, according to a new report. BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently,…

Zack Whittaker reports: Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and…

Aman Mishra reports: A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Lyrix ransomware stands out due to its ability to bypass traditional antivirus solutions by employing polymorphic code, which constantly mutates to avoid signature-based detection. Once infiltrated, the malware stealthily maps the target…