Data Breaches

The City of Philadelphia has revealed that the information of certain individuals was stolen in a cyberattack earlier this year. The malicious activity, the city says in an incident notification (PDF) on its website, was initially identified on May 24, and involved its email environment. According to the city, the investigation into the matter has revealed that an unauthorized party had access to certain city email accounts between May 26 and July 28, and that…

Read More

Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. A security notice from Okta security chief David Bradbury said the company found “adversarial activity” that leveraged access to a stolen credential to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part…

Read More

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More

Finland on Wednesday charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion, the national prosecutor announced. “The suspect is held on remand and has denied being guilty of the offenses,” the National Prosecution Authority said in a statement. The prosecutor is seeking a seven-year prison sentence for the defendant, Aleksanteri Kivimaki, who was formerly identified as Julius Kivimaki. In the 2018 breach…

Read More

The US Securities and Exchange Commission is launching its own investigation into the vulnerability in Progress Software’s MOVEit transfer tool that exposed data from more than 2,000 organizations and 60 million individuals. Tracked as CVE-2023-34362, the flaw was exploited as a zero-day by the notorious Russia-linked Cl0p ransomware group to steal data from organizations using the MOVEit Transfer managed file transfer (MFT) software. Of the victim organizations, roughly 900 are schools in the United States,…

Read More

Hospitality and entertainment giant MGM Resorts said costs from last month’s debilitating ransomware infection has exceeded $110 million, including $10 million in one-time consulting clean-up fees. In an SEC 8-K filing, MGM Resorts said the data-extortion attack caused operational disruptions, especially in its Las Vegas properties, and an estimated financial toll that includes about $100 million in lost revenue. MGM Resorts, which manages prominent hotels like Mandalay Bay (site of the Black Hat security conference),…

Read More

Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards, the second such cyberattack to affect a major British police force in less than a month. Details on identity badges and warrant cards, including names, photos and identity numbers or police collar numbers, were stolen in the ransomware attack, Greater Manchester Police said Thursday. The third-party supplier was not identified. The force…

Read More