Luke Connolly

WestJet cyberattack remains unresolved one week in, airline says operations unaffected | CBC News WestJet says a cyberattack that began last week remains unresolved, as questions linger about the nature and fallout of the breach.

Scattered Spider is believed based in the US & UK with social engineering attacks on UK retail (M&S, Harrods) and US Insurance (Aflac). Whispers say they may be behind attacks on WestJet & possibly even Hawaiian Airlines.

www.cbc.ca/news/canada/...

Starkville Utilities in MI files a Data Breach Notification with the Maine AG more than 6 months after the initial Oct '24 discovery of unauthorized activity. Surely we can do better to than take 6 months to notify those impacted?

Elmore County ID has files a Notice of Data Security Incident with the Idaho AG 3 weeks after the Apr.15 discover of unauthorized access. 3 Week turnaround is pretty good. Waiting 12+ months to notify those impacted, as some orgs do, is shameful.

City of Abilene Goes Offline in Wake of Cyberattack The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.

The City of Abilene, TX filed a Data Security Breach Report with the Texas AG two weeks after a network outage. TWO WEEKS is an awesome turnaround for notifying those impacted! Some orgs take a YEAR or more to notify!!!

www.darkreading.com/vulnerabilit...

Frio County, TX today filed a Data Security Breach Report with the Texas AG.

Lampasas County, TX today filed a Data Security Breach Report with the Texas AG.

Criminal group Qilin are up to their old tricks, claiming to have stolen 50 GB of data from Bertie County Public Schools, comprising 7 schools in NC.

Cybercriminals Qilin are low on caffeine today. They claim a breach of Nelson University (nelson.edu) in TX, or Nelson.com, which sells to EDU, based on Ontario ... their data has both. First seen in 2022, Qilin clearly needs some time off.

Criminal group Medusa claims to have stolen 500GB of data from Pawnee Heights Unified School District in KS, demanding $160k ransom. More on Medusa from CISA.gov: www.cisa.gov/news-events/...

Fall River Public Schools, comprising 17 schools in MA, is facing a network outage, with ransom attack claimed by cybercriminal group Medusa. Read more about the group: www.cisa.gov/news-events/...

Cybercriminal group Interlock claims to be behind the breach of the Cherokee County School District in SC, first announced in mid-March. Since appearing in Sept'24, Interlock has multiple school and local governments among their two dozen victims.

Criminal group Rhysida claims to have stolen data from Okeene Public Schools in OK, demanding 5 bitcoin (~$85k) ransom. More on Rhysida: www.cisa.gov/news-events/...

Austintown Local School District in OH has had person info of approx 180 students compromised as a result of a phishing incident. WFMJ-TV has the story: www.wfmj.com/story/525997...

Criminal group Medusa claims to have stolen 205 GB of data from Big Horn County School District #4 in Wyoming. Read about Medusa here: www.cisa.gov/news-events/...

Criminal group Cloak claims to have stolen data from the Office of Attorney General of Virginia.

Criminal group Cloak claims to have stolen data from Baltimore City Public Schools, a district that operates 154 schools.

Fog ransomware group claims to have stolen data from Newtown Friends School in PA

Threat actor Qilin pressures Cleveland Municipal Court, breached 3 wks ago, with a post on their dark website. Emerging in 2022, Qilin has been consistently active this year and last with over 300 victims to date. More here: www.hhs.gov/sites/defaul...

New criminal group - VanHelsing - appears and claims their first victim: City of Bellville, Texas

Yesterday criminal group Babuk claimed to have breached the Florida DOT. At least they were honest enough to admit that they STOLE 800GB of data, rather than claiming pentesting BS. This has been their busiest month since first appearing in 2021.

Criminal group RansomHouse claims to have stolen 1.5 TB of data from The Loretto Hospital in Chicago.

New ransomware group appears (CrazyHunter), and 5 of their first 5 victims are in Taiwan. I wonder where CrazyHunter hails from?

Hancock Public School in MN is the latest US K12 to fall victim; criminal group Interlock claims to have stolen 120 GB of data.

At least 34 School Districts and 4 ESDs comprising an additional 60 SDs have been affected by the Carruth Compliance Consulting breach, with 469 GB of data claimed to have been stolen by new criminal group Skira. Supply chain attacks are devastating to K12!

A new criminal group - Skira - emerged yesterday claiming 5 victims, including Carruth. Is there a relationship between these 2 breaches? Between RansomHub and Skira? When will spring finally arrive? Stay tuned

Ransomware group RansomHub claims to have stolen 110 GB of data from Portland Public Schools in ME. Portland schools announced in Jan that was impacted by the Carruth data breach.

Criminal group Fog claims to have stolen > 27 GB of data from Williamsburg-James City County Public Schools, comprising 16 schools in VA. First appearing about a year ago,the vast majority of Fog's victims are in the US, with the EDU sector one of their fav targets.

On Feb 25 the Idaho Transportation Department filed a Security Breach Notification with the Idaho AG. The scope of the data compromised is not yet clear.

This week Tom Green County TX filed a Data Security Breach Report with the Texas AG, listing PHI and PII data as being compromised.

RansomHub claims to be the criminal group behind the breach of the Town of Bourne MA. A Data Breach Notification was filed with the Mass AG on Feb 21, regarding the breach discovered Jan 11.
www.capenews.net/bourne/news/...