Stay up-to-date on what is happening with privacy laws, as well as stories about leaks of private information from security breaches in the public and private sector. 360Civic has provided emergency services to individuals, businesses, police organizations and courts in the wake of hacking incidents and ransomware attacks.
Last updated: February 2, 2024
To Our Friends in the Media
If you are a member of the media and would like more information about any of these stories, or input from our CEO on privacy laws, the danger of privacy hacks, or how online privacy protection works, please contact us at firstname.lastname@example.org.
Hewlett Packard Enterprise reveals hack by Russian state actor
Tech firm Hewlett Packard Enterprise says its cloud-based email systems were breached by the same Russian hacking group that compromised some Microsoft email accounts earlier this month. The hackers used bugged software made by US tech firm SolarWinds to break into multiple US government agencies in 2020 to read emails between senior agency officials, US officials have alleged. (The Kremlin denied responsibility.) The spying campaign lasted well over a year and forced a major shakeup in how the US government defends its networks from hackers.
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms. "Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
Phishing and Ransomware Attacks
Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD
New research details the possible effects of ransomware attacks on businesses and staff, society, the economy and national security, highlighting that its impact on mental and physical health is often overlooked.
How ransomware attacks at Wichita hospitals threaten your privacy and health
Since December, at least two Wichita medical practices joined a growing and unwelcome trend in health care: They got hacked and had to tell patients that their personal medical and financial information was in the hands of cybercriminals. In early December, Wichita Urology Group said more than 5,000 people may have been affected by a breach — the second in a year to hit the medical practice. At the beginning of 2023, Wichita Urology announced that hackers had stolen the names, addresses, birthdates, Social Security numbers, medication information and financial information of almost 1,500 patients.
Then this week, Kansas Joint and Spine Specialists in Wichita reported a “cybersecurity incident” that happened in June, which may have affected patients and employees. It is unknown how many people’s data was compromised, but the Texas attorney general said it involved almost 400 victims from that state.
Johnson Controls says ransomware attack cost $27 million, data stolen
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment.
Cisco’s head of security thinks that we’re headed into an AI phishing nightmare
“It's going to get harder for humans to distinguish between legitimate activity versus a malicious attack,” says Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration. Assailants using AI to make their attacks even more sophisticated could be a problem for HR, as the bulk of attacks people fall for are about work, or from someone pretending to be from their HR department. According to security software company KnowBe4’s third-quarter global phishing report, 61% of its failed phishing tests contained messages from HR or about employee performance.
Watch out for "I can't believe he is gone" Facebook phishing posts
A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals their Facebook credentials. This phishing attack is ongoing and widely spread on Facebook through friends' hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform.
Tax Phishing Scams Target You And Your Return Preparer—5 Tips For Staying Safe
Phishing scams were number two on the IRS’ annual Dirty Dozen list of tax scams for 2023 (right behind fraudulent Employee Retention Credit claims). Brad Messner, EA and owner of Financial Guardians, LLC (a firm that specializes in cybersecurity for tax professionals), recently noted that in addition to the usual types of phishing scams, there has been a “massive increase” in people sending out phishing emails that look like e-signature requests.
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used throughout 2023 were malicious URLs, malware or ransomware attachments and attacks sent from compromised accounts.
3 Phishing Strategies to Know So You Don’t Get Scammed
Did you know that nearly 3.4 billion phishing emails are sent every day? This number is on top of the fact that Google already blocks at least 100 million phishing emails every day. Hackers are also becoming savvier than ever before, with many sending emails that appear to be from trusted organizations like Microsoft.
Cyber attacks are one of the biggest threats facing healthcare systems
An increase in cyber attacks on the healthcare sector is jeopardising patient safety, and prompting some governments to publish new cyber security standards. Publicly disclosed global cyber security breaches between January and September last year showed that the healthcare sector suffered more attacks (241) than any other sector, ahead of government (147), and information technology including software, hardware and IT services (91), according to research by Omdia, a technology research provider.
Survey shows AI generated disinformation, phishing attacks top concerns for 2024 election
A recent survey from the cyber firm, Arctic Wolf, reveals many officials are worried about how artificial intelligence could be used to manipulate voters. This comes as election administrators described potential AI generated scenarios during a congressional hearing last fall. This includes the possibility of deepfakes spreading inaccurate information about polling places or hours.
Microsoft warns of new spearphishing attack targeting workers at top companies
Iranian hackers are trying hard to discover exactly what researchers and academia in the West are working on and discussing, especially about Palestine and Israel - so much so that they’ve launched a new, hard-to-detect phishing campaign against such individuals, aiming to install information-stealing malware.
Threats Against Judges
As Threats Against the Judiciary Mount, a Former Federal Judge Calls on Bar Associations for Coordinated Response
A former U.S. district court judge weighed in on the increase in threats against the nation’s judges, the decline in public confidence in the judiciary, and what can be done to stem the tide of violence against the third branch of government. Paul Grimm is a retired U.S. District Court judge for the District of Maryland and the current David F. Levi Professor of the Practice of Law and director of the Bolch Judicial Institute at Duke Law School. In an interview with Law.com, Grimm shared his thoughts on judicial security and what he believes is behind the threats of violence and incidents directed at the judicial branch of government.
Police responded to a 'fertilizer bomb' threat at the home of the judge in Trump's civil fraud trial: source
New York authorities on Thursday morning responded to bomb threats at the home of the judge overseeing former President Donald Trump's high-profile Manhattan trial ahead of closing arguments in the case. There were threats of multiple "fertilizer bombs" planted around the Long Island home of New York Supreme Court Justice Arthur Engoron, a court source who spoke on the condition of anonymity told Business Insider.
As Threats to Judges Spike, Legislative Response May Be Jump-Started
Amid the sharp increase in incidents, court officials have redoubled their commitment to safety.
Las Vegas courtroom attack highlights issue of violence against judges
Violence against U.S. judges is becoming a more pressing issue, according to experts who reacted to news of a defendant brutally attacking a Nevada judge who denied him probation Wednesday.
US Attorney General Denounces Surge In Threats To Public Officials
US Attorney General Merrick Garland denounced on Friday what he called a "deeply disturbing" spike in the number of threats being made against public officials in the United States. "Just this week, several bomb threats were made against courthouses across the country," Garland said.
Do Indiana privacy laws really protect Hoosiers? Report card issues a failing grade
Forty-four states have examined comprehensive privacy laws, but only a small portion have actually passed them. Here's what you need to know about privacy laws and how each state fared.
Marking Data Privacy Week With Four 2024 Predictions
Data Privacy Week is always ongoing! Here are some of Hinshaw's top data privacy law predictions for 2024.
The Sad Truth of the FTC’s ‘Historic’ Privacy Win
The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.
Push for federal data privacy law grows as rights vary by state
Members of Congress from both parties, including Sen. Maria Cantwell, D-Wash., chair of the Senate Commerce Committee, and Rep. Cathy McMorris Rodgers, R-Wash., chair of the House Energy and Commerce Committee, have pledged to pursue federal data privacy legislation in the current session. They are under pressure to act because of the rapid onset of artificial intelligence systems that use large volumes of data, threatening to worsen privacy protections for Americans.
What Healthcare Industry Players Need to Know About the Evolving Landscape of State Consumer Privacy Laws
With the flurry of new consumer privacy laws enacted in states across the country, it is vital for healthcare companies that are not regulated under HIPAA to remain informed of this changing landscape in order to plan and execute their compliance strategies.
New Jersey: Bill on personal information signed by Governor
On January 16, 2024, Senate Bill 332 was signed by the Governor of New Jersey, following its passage by the General Assembly and the State Senate on January 8, 2024. The bill provides for its entrance into effect 365 days following its enactment.
California: Bill on student privacy passed by Assembly Committee
This bill establishes new requirements for the deletion of personal data. Specifically, the bill would require an operator to delete a preschool, prekindergarten, or K–12 pupil's covered information that is not subject to the California Consumer Privacy Act (as amended) (CCPA) where the pupil's parent or legal guardian, the pupil's education rights holder, or the pupil, as provided, requests an operator to delete the covered information under the operator's control.
Virginia: Bill for minors data protection introduced to Senate
On January 9, 2024, Senate Bill 361 to amend and reenact §§59.1-575 and 59.1-578 of the Code of Virginia by adding sections relating to the Consumer Data Protection Act; protections for children, was prefiled with the Virginia State Senate. In particular, the bill would, among other things, prohibit 'operators' of websites, online services, or online or mobile applications from collecting or using the personal data of users they know are younger than the age of 18 years without consent and would also prohibit the sale or disclosure of the personal data of such users.