Search
277 results for “zacpwhite”
-
NEW by me:
From bad to worse: Doctor Alliance hacked again by same threat actor
This is a bad #databreach in terms of the #PII and #PHI acquired by the hacker, "Kazu," who is about to leak it all.
Oof.Background: I reported on the first breach/attack a few days ago at https://databreaches.net/2025/11/12/doctor-alliance-data-breach-353gb-of-patient-files-allegedly-compromised-ransom-demanded/
When the CEO claimed it was all secured the same day, the hacker got ticked off and went back in and hacked them again.
#HealthSec #HIPAA #BusinessAssociate #thirdparty #vendor #hack #ransom #cybersecurity #incidentresponse
-
@rzeta0 : I think you're going too far by stating that NOT criticising Israel by IT journalists implies propaganda.
In fact, he has been reporting about Israel, albeit a tiny bit, for example in https://mastodon.social/@zackwhittaker/115094984659747512.
In the US you get cancelled for speaking the truth. I don't understand why Donald Trump is still president. Why don't all pro-democracy people go on strike,at least all (unpayed!) civil servants?
It's scare tactics and it works. Without organisation lone protestors are near suicidal.
Note: my account on https://infosec.exchange was blocked for speaking out the truth. I've had a good life, but most people have to make a living.
#USterroristCountry #USAterroristCountry #DonaldTrumpToICC #FrancescaAlbaneseIsRight
-
@rzeta0 : I think you're going too far by stating that NOT criticising Israel by IT journalists implies propaganda.
In fact, he has been reporting about Israel, albeit a tiny bit, for example in https://mastodon.social/@zackwhittaker/115094984659747512.
In the US you get cancelled for speaking the truth. I don't understand why Donald Trump is still president. Why don't all pro-democracy people go on strike,at least all (unpayed!) civil servants?
It's scare tactics and it works. Without organisation lone protestors are near suicidal.
Note: my account on https://infosec.exchange was blocked for speaking out the truth. I've had a good life, but most people have to make a living.
#USterroristCountry #USAterroristCountry #DonaldTrumpToICC #FrancescaAlbaneseIsRight
-
@rzeta0 : I think you're going too far by stating that NOT criticising Israel by IT journalists implies propaganda.
In fact, he has been reporting about Israel, albeit a tiny bit, for example in https://mastodon.social/@zackwhittaker/115094984659747512.
In the US you get cancelled for speaking the truth. I don't understand why Donald Trump is still president. Why don't all pro-democracy people go on strike,at least all (unpayed!) civil servants?
It's scare tactics and it works. Without organisation lone protestors are near suicidal.
Note: my account on https://infosec.exchange was blocked for speaking out the truth. I've had a good life, but most people have to make a living.
#USterroristCountry #USAterroristCountry #DonaldTrumpToICC #FrancescaAlbaneseIsRight
-
@rzeta0 : I think you're going too far by stating that NOT criticising Israel by IT journalists implies propaganda.
In fact, he has been reporting about Israel, albeit a tiny bit, for example in https://mastodon.social/@zackwhittaker/115094984659747512.
In the US you get cancelled for speaking the truth. I don't understand why Donald Trump is still president. Why don't all pro-democracy people go on strike,at least all (unpayed!) civil servants?
It's scare tactics and it works. Without organisation lone protestors are near suicidal.
Note: my account on https://infosec.exchange was blocked for speaking out the truth. I've had a good life, but most people have to make a living.
#USterroristCountry #USAterroristCountry #DonaldTrumpToICC #FrancescaAlbaneseIsRight
-
Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.
Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.
How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:
Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec
-
Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.
Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.
How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:
Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec
-
Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.
Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.
How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:
Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec
-
Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.
Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.
How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:
Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec
-
Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.
Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.
How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:
Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec
-
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
-
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
-
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
-
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
-
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
-
If you own a Tesla -- a vilehicle* ultimately controlled by a man who has proven not to care about caution or security -- and your car is leaking data everywhere...that's on you.
*This started life as a typo, but the serendipity is too good for editing it out.
-
There's always drama with the Breached/BreachForums saga. Here's some of what has been going on in the past few weeks after BreachForums[.]st went offline without any explanation:
"SCAM" is a four-letter word: BreachForums edition: https://databreaches.net/2025/05/02/scam-is-a-four-letter-word-breachforums-edition/
#cybercrime #forum #hacking #Breached #BreachForums #scam #ShinyHunters #Anastasia #Momondo
-
"Let’s protect not just the systems, but the people and principles that make those systems worth defending.
Because the most significant vulnerability we face isn’t a zero-day vulnerability in our software, it’s a zero-day vulnerability in our civic integrity.
And the patch requires all of us."
/by #JenEasterly
/via @zackwhittakerhttps://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae/
-
Teammate App sent an initial incident response to their clients.
A number of their clients reached out to tell me the company was trying to throw me under the nearest bus and shared a copy of the document with me.
You can read my response to it here: https://jltee.substack.com/p/response-to-teammate-apps-notification-and-disclosure
Background on this incident: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
-
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at :
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/ -
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at :
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/ -
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at :
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/ -
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at :
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/ -
Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.
@JayeLTee had alerted me to his nasty encounter with TeammateApp's CEO. See his post https://infosec.exchange/@JayeLTee/114057470165488882 and his substack at https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
My report/commentary is at :
No need to hack when it’s leaking, Monday edition: TeammateApp:
https://databreaches.net/2025/02/24/no-need-to-hack-when-its-leaking-monday-edition-teammateapp/ -
Many researchers are pseudonymous. That doesn’t justify ignoring their alerts:
A commentary inspired by Roomster's response -- or lack thereof -- to @JayeLTee's responsible disclosure alerts and my reporting on it all.
#dataleak #incidentresponse #responsible_disclosure ##Roomster #pseudoanonymity
-
Westend Dental agrees to pay Indiana $350K and to implement a corrective action plan to settle charges of multiple HIPAA violations.
This is one of THE WORST incident responses I have ever read and I've read a lot of bad ones over the years. But it's not just an incident response disaster. They were routinely violating HIPAA privacy and security rules.
Kudos to the state of Indiana for going after the dental practice and investigating to find out all the problems.
Don't ask me what HHS OCR did, because I don't think they were ever even told about this 2020 ransomware attack.
Read more here, where you will also find the court filings I've uploaded so you can read how bad this one was:
#ransomware #compliance #HIPAA #healthsec #encryption #backup #PrivacyRule #SecurityRule #ransparency #disclosure #notification
-
Change Healthcare updated its report to #HHS this week, changing its "marker" report in July of 500 patients affected to 100,000,000 patients affected.
It's not clear to me whether that is the final report on the number affected or if it is just an updated interim figure with a lot more to come. I've emailed Change to inquire and will update this if I get a reply.
In the meantime, if you need a refresher on what happened with this incident and the current situation with the incident, read @zackwhittaker report on @TechCrunch
#changehealthcare #ransomware #HIPAA #HHS #databreach #healthsec
-
So even though I am not in a state that National Public Data recognizes as having a right to OPT-OUT, I sent an OPT-OUT demand to them this morning because the information they had on me that got leaked was a mix of accurate and inaccurate info.
To my surprise, they responded within hours. In their email they wrote, in part:
"We have removed the entire database from our system. We may be required to retain certain records to comply with legal obligations; we will retain your request and our response for our records. Please note that while we are unable to edit or remove third-party data about you, including in public records, we will not sell your personal information through our services."
I hadn't seen anything on their website statement/notice about them removing the database from their system.
Interesting....
-
Bulgarian hacker “Emil Külev” arrested and detained:
https://databreaches.net/2024/06/30/bulgarian-hacker-emil-kulev-arrested-and-detained/
21--year-old Teodor Iliev accused of hacking and leaking 2.2 million records from LEV INS, the biggest insurance firm in Bulgaria in 2023. Also accused of hacking banks and other entities.
#Magadans #EmilKülev #EmilKyulev #cybercrime #hacking #databreach
@BleepingComputer @dangoodin @zackwhittaker @campuscodi @DarkWebInformer
-
Bulgarian hacker “Emil Külev” arrested and detained:
https://databreaches.net/2024/06/30/bulgarian-hacker-emil-kulev-arrested-and-detained/
21--year-old Teodor Iliev accused of hacking and leaking 2.2 million records from LEV INS, the biggest insurance firm in Bulgaria in 2023. Also accused of hacking banks and other entities.
#Magadans #EmilKülev #EmilKyulev #cybercrime #hacking #databreach
@BleepingComputer @dangoodin @zackwhittaker @campuscodi @DarkWebInformer