Category: Legal

California AG sues 23andMe over 2023 breach exposing health data California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. […] Bill Toulas Go to bleepingcomputer

Dutch govt disrupts malware botnet with 17 million infected devices Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. […] Bill Toulas Go to bleepingcomputer

Netherlands seizes 800 servers of hosting firm enabling cyberattacks Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. […] Bill Toulas Go to bleepingcomputer

INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. […] Bill Toulas Go to bleepingcomputer

UK fines water supplier $1.3M for exposing data of 664k customers The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. […] Bill Toulas Go to bleepingcomputer

Student hacked Taiwan high-speed rail to trigger emergency brakes A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country’s high-speed railway network (THSR). […] Bill Toulas Go to bleepingcomputer

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains The latest wave of “Operation PowerOFF,” on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. […] Bill Toulas Go to bleepingcomputer

German authorities identify REvil and GandCrab ransomware bosses The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. […] Bill Toulas Go to bleepingcomputer

Europe sanctions Chinese and Iranian firms for cyberattacks The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. […] Bill Toulas Go to bleepingcomputer

Samsung TVs to stop collecting Texans’ data without express consent Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs […] Bill Toulas Go to bleepingcomputer

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. […] Bill Toulas Go to…

Russia tries to block WhatsApp, Telegram in communication blockade The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. […] Bill Toulas Go to bleepingcomputer

Google disrupts IPIDEA residential proxy networks fueled by malware IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. […] Bill Toulas Go to bleepingcomputer

Black Basta boss makes it onto Interpol’s ‘Red Notice’ list The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. […] Bill Toulas Go to bleepingcomputer

Hacker gets seven years for breaching Rotterdam and Antwerp ports The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. […] Bill Toulas Go to bleepingcomputer

FBI seizes domain storing bank credentials stolen from U.S. victims The U.S. government has seized the ‘web3adspanels.org’ domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. […] Bill Toulas Go to bleepingcomputer

Interpol-led action decrypts 6 ransomware strains, arrests hundreds An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. […] Bill Toulas Go to bleepingcomputer

Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. […] Bill Toulas Go to bleepingcomputer

Portugal updates cybercrime law to exempt security researchers Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. […] Bill Toulas Go to bleepingcomputer

Korea arrests suspects selling intimate videos from hacked IP cameras The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. […] Bill Toulas Go to bleepingcomputer

FTC settlement requires Illuminate to delete unnecessary student data The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education to delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. […] Bill Toulas Go to bleepingcomputer

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison A 44-year-old man was sentenced to seven years and four months in prison for operating an “evil twin” WiFi network to steal the data of unsuspecting travelers at various airports across Australia. […] Bill Toulas Go to bleepingcomputer

Capita to pay £14 million for data breach impacting 6.6 million people The Information Commissioner’s Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. […] Bill Toulas Go to bleepingcomputer

Spain dismantles “GXC Team” cybercrime syndicate, arrests leader Spanish Guardia Civil have dismantled the “GXC Team” cybercrime syndicate and arrested its alleged leader, a 25-year-old Brazilian known as “GoogleXcoder.” […] Bill Toulas Go to bleepingcomputer

FBI takes down BreachForums portal used for Salesforce extortion The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. […] Bill Toulas Go to bleepingcomputer

ParkMobile pays… $1 each for 2021 data breach that hit 22 million ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But there’s a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it…

U.S. sanctions cyber scammers who stole billions from Americans The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. […] Bill Toulas Go to bleepingcomputer

Dev gets 4 years for creating kill switch on ex-employer’s systems A software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a kill switch that locked out employees when his account was disabled. […] Lawrence Abrams Go to bleepingcomputer

UK sentences “serial hacker” of 3,000 sites to 20 months in prison A 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. […] Bill Toulas Go to bleepingcomputer

U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. […] Bill Toulas Go to bleepingcomputer

U.S. Judiciary confirms breach of court electronic records service The U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening cybersecurity measures. […] Bill Toulas Go to bleepingcomputer

US sanctions North Korean firm, nationals behind IT worker schemes The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. […] Bill Toulas Go to…

Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee’s password for a hacker without first verifying their identity. […] Bill Toulas Go to bleepingcomputer

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms A 21-year old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country. […] Bill Toulas Go to bleepingcomputer

Four arrested in UK over M&S, Co-op, Harrods cyberattacks The UK’s National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. […] Bill Toulas Go to bleepingcomputer

Hikvision Canada ordered to cease operations over security risks The Canadian government has ordered Hikvision’s subsidiary in the country to cease all operations following a review that determined them to pose a national security risk. […] Bill Toulas Go to bleepingcomputer

Ryuk ransomware’s initial access expert extradited to the U.S. A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. […] Bill Toulas Go to bleepingcomputer

Paddle settles for $5 million over facilitating tech support scams Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. […] Bill Toulas Go to bleepingcomputer

Police takes down AVCheck site used by cybercriminals to scan malware An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. […] Bill Toulas Go to bleepingcomputer

US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks A 36-year-old Yemeni national, who is believed to be the developer and primary operator of ‘Black Kingdom’ ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. […] Bill Toulas Go to bleepingcomputer

Suspected LockBit ransomware dev extradited to United States A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. […] Bill Toulas Go to bleepingcomputer

Swiss critical sector faces new 24-hour cyberattack reporting rule Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. […] Bill Toulas Go to bleepingcomputer

Privacy tech firms warn France’s encryption and VPN laws threaten privacy Privacy-focused email provider Tuta (previously Tutanota) and the VPN Trust Initiative (VTI) are raising concerns over proposed laws in France set to backdoor encrypted messaging systems and restrict internet access. […] Bill Toulas Go to bleepingcomputer

US healthcare org pays $11M settlement over alleged cybersecurity lapses Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. […] Bill Toulas Go to bleepingcomputer

Police arrests 4 Phobos ransomware suspects, seizes 8Base sites A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide. […] Bill Toulas Go…

PayPal to pay $2 million settlement over 2022 data breach New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state’s cybersecurity regulations, leading to a 2022 data breach. […] Bill Toulas Go to bleepingcomputer

US sanctions Chinese firm, hacker behind telecom and Treasury hacks The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. […] Bill Toulas Go to bleepingcomputer

GDPR complaints filed against TikTok, Temu for sending user data to China Non-profit privacy advocacy group “None of Your Business” (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user’s data to China and infringing European Union’s general data protection regulation (GDPR). […] Bill Toulas Go to…

Apple offers $95 million in Siri privacy violation settlement Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. […] Bill Toulas Go to bleepingcomputer

FTC orders Marriott and Starwood to implement strict data security The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. […] Bill Toulas Go to bleepingcomputer

Over 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operation Law enforcement agencies in Africa arrested as part of ‘Operation Serengeti’ more than a thousand individuals suspected of being involved in major cybercriminal activities that caused close to $193 million in financial losses all over the world. […] Bill Toulas Go to bleepingcomputer