Cybersecurity training company SANS Institute reports a data breach of 28,000 records. Noting that no organization is immune to cyberthreats, the company said the leak occurred as a result of a phishing attack that led to 513 emails being forwarded to an unknown email address, exposing personal data but no financial records.
High-speed trader Virtu Financial says an email breach in May cost the firm $6.9 million when $10.8 million worth of fraudulent wire transfers were sent to Chinese bank accounts. Virtu, which was able to freeze some of the funds before they reached the accounts, has sued Axis Insurance after the insurer declined to cover the loss.
The HHS Office for Civil Rights and American Hospital Association say postcards are being sent to hospital privacy officers warning of a mandatory HIPAA compliance risk assessment and telling recipients to visit a URL that links to a non-governmental website selling consulting services. The postcards claim to be official OCR communications, but the return address doesn't belong to HHS.
Transit organizations are technology companies, writes Kyle Malo, chief information security officer of the Washington Metropolitan Area Transit Authority, adding that this means operational technology and traditional IT have blended. Malo writes about the importance of budgeting appropriately for cybersecurity, ensuring that cybersecurity is part of the procurement process and getting a cybersecurity maturity assessment.
For at least 15 months, TikTok enabled its Android app to collect unique identifiers from millions of users that could be used for ad tracking, a practice that violates Google's privacy rules, according to a Wall Street Journal investigation. A TikTok spokesperson said, "The current version of TikTok does not collect [media access control] addresses," and a Google spokesperson said the firm is investigating the Wall Street Journal's report.
Cybersecurity has soared to the top of the priority list for high-level IT executives in recent months, finds a survey by identity management provider Hitachi ID. The reshuffling of priorities, largely a result of the pandemic, has many chief information officers shifting their focus away from updating on-premises infrastructure and buying new hardware.
The Lazarus Group attempted a cyberattack against the Israeli defense industry, using fake LinkedIn profiles to pose as CEOs and executives of international companies and offering jobs to defense industry employees in an effort to gain access to their firms' networks. The attack, caught in real time, was a departure for the cybercriminal group, which is thought to be linked to North Korea and typically pursues financial gain rather than technology theft.