breached

The European Commission's use of Microsoft software breached EU privacy rules and the bloc's executive also failed to implement adequate safeguards for personal data transferred to non-EU countries, the EU privacy watchdog said on Monday.The European Data Protection Supervisor (EDPS) ordered the Commission to take measures to comply with privacy rules and to halt data transfer to the U.S. company and subsidiaries located in third countries which do not have privacy deals with the EU, setting a deadline of Dec. 9 for both…

As mortgage lender LoanDepot continues recovery efforts from a ransomware attack, it revealed on Monday that hackers stole data from more than 16 million customers. A Securities and Exchange Commission filing from the mortgage lender did not detail what kind of information the hackers breached, only that "an unauthorized third party gained access to sensitive personal information."LoanDepot first revealed it has fallen victim to attack on January 8. The company took some IT systems offline, but it faced a slow recovery.…

Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too. On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 or Cozy Bear — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” Curiously, the hackers didn’t go after customer data or the…

Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. “Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of the lawyers representing the victims who received the…

A federal judge ruled Friday that Twitter, now known as X, breached its contract with employees when it failed to pay millions in promised bonuses last year. The company promised employees half of their potential bonuses both before and after tech billionaire Elon Musk purchased the company in 2022, but never paid, according to the suit. Mark Schobinger, then the company’s senior director of compensation, brought the lawsuit against the social media platform in June. “Once Schobinger did what Twitter…

A US federal court ruled on Friday that social media company Twitter, now branded X, violated contracts by failing to pay annual performance bonuses it orally promised its workers.The breach-of-contract lawsuit was brought by former employer Mark Schobinger in June. The lawsuit said Twitter had promised workers a 2022 performance bonus if they stayed with the company through the final possible payout date, which was the first quarter of this year. The court threw out Twitter's attempts to have the case dismissed, ruling…

The timing of the cyber attack occurred during tense relations between the U.S. and China, WSJ reported In a network of state-sponsored hackers from China, hackers linked to Beijing breached the emails of U.S. Ambassador to China Nicholas Burns, the Wall Street Journal first reported. The email account of Daniel Kritenbrink, the assistant secretary of State for East Asia, was also accessed by hackers, people familiar with the matter told WSJ. One of the people said that the…

US officials described the attacks as targeted and focused on a small number of accounts at the agencies that were breached, as opposed to hack seeking to steal large amounts of data. CISA and the FBI issued a joint advisory urging organisations to harden their Microsoft 365 cloud environments.The hacking campaign got underway in the weeks before Secretary of State Antony Blinken arrived in Beijing to meet with top officials, including Chinese President Xi Jinping.The hacking campaign got underway in the weeks before…

…

Dan Goodin / Ars Technica: Analysis: the Clop ransomware group has breached 122 organizations and obtained the data of ~15M people to date by exploiting a critical zero-day flaw in MOVEit — The dramatic fallout continues, with as many as 122 organizations now breached. — The dramatic fallout continues … Dan Goodin / Ars Technica: Analysis: the Clop ransomware group has breached 122 organizations and obtained the data of ~15M people to date by exploiting a critical…