You or someone you know probably received a letter in the past year breaking the news to you: your confidential information *may* have been exposed in a breach.
Massachusetts saw a roughly 6% decrease in data breaches from 2023 to 2024, according to the Attorney General’s website.
The U.N.’s International Civil Aviation Organization (ICAO) has stated that they are actively investigating reports of a potential information security breach allegedly linked to a threat actor known as Natohub.
According to the website CyberDaily, the threat actor Natohub also claimed to be behind the hack that affected the United States Marine Corps (USMC) and the United States Department of Defense (US DOD) in 2024, compromising the data of almost 13,000 personnel.
On November 8, 2024, Ahold Delhaize USA, the parent company of Stop and Shop, detected a cybersecurity issue within its U.S. network. The company immediately launched an investigation with the help of external cybersecurity experts and notified law enforcement.
A man in Idaho going by the aliases of "Lifelock," "Studmaster," and "Studmaster1” has been sentenced to 10 years in prison after pleading guilty to targeting multiple healthcare providers in a series of cyberattacks.
The data breaches happened after the perpetrator obtained medical office credentials from the dark web in Summer 2017.
The initial target was a medical clinic in Georgia, where he successfully obtained the personal identifying information of over 43,000 individuals.
In January 2024, an accounting firm in north-central Massachusetts learned that data had been exfiltrated from its server network, and the perpetrator was demanding ransom for its deletion.
According to a letter sent to the Attorney General of New Hampshire, the firm worked with the FBI to determine that the perpetrator was a legitimate threat actor, and negotiated paying their ransom.
By focusing on their employees, organizations can better protect themselves against ever-evolving cyber threats, according to the Kaseya Cybersecurity Survey Report 2024: Navigating the New Frontier of Cyber Challenges.
“The human element continues to be the weakest link in cybersecurity,” the report states.
The Cybersecurity and Infrastructure Security Agency (CISA) has proposed new security requirements that aim to protect Americans’ sensitive personal data and U.S. government-related data from being accessed by “ countries of concern [or] covered persons.
In early October, the Commonwealth of Massachusetts’ payroll system became compromised due to a credential harvesting campaign, a cyberattack technique where attackers steal personal or financial data from users. The system was effectively shut down and unavailable to employees for a number of days.
Aramark, a giant in the service industry, recently found itself in the middle of a digital heist. At the end of the Summer, Aramark discovered that cybercriminals had crafted a fake payroll website to trick employees into handing over their login details.
A ransomware group known as Medusa has allegedly breached Providence Public Schools, exfiltrating 201.4GB of data. The group demanded a ransom of $1,000,000 with a deadline of September 25th, according to HackManac, a Twitter account dedicated to maintaining a repository of verified cyberattacks.