DataBreachToday.com
Stronger Oversight Needed as Healthcare Risks Multiply
1 week ago
The Edmund Group's Adler on Managing Third- and Fourth-Party Risk in Healthcare
Healthcare organizations face growing risks from data distribution, vendor dependencies and global instability. Steven Adler, partner at The Edmund Group, discusses practical steps to strengthen vendor oversight and resilience.
Jaguar Land Rover Slowly Starts Making Cars Again
1 week ago
Manufacturer Resumes Operations at Wolverhampton Unit
British car maker Jaguar Land Rover began on Monday a phased restoration of operations following a month of cyberattack-induced idleness. Fears of large-scale job losses at the car manufacturer and its extensive network of suppliers led the U.K. government to guarantee a 1.5 billion pound loan.
EyeMed Agrees to Pay $5M to Settle Email Breach Litigation
1 week ago
2020 Hack Has Cost EyeMed About $12.6M in Multiple Regulatory Fines, Settlements
Benefits provider EyeMed Vision Care has agreed to pay $5 million and improve its security practices to settle class action litigation involving a 2020 phishing breach. The incident has been the subject of previous multimillion dollar settlements and enforcement actions by multiple state regulators.
Discord Vendor Hack Exposes ID Data in Ransom Bid
1 week ago
Proliferating Age Verification Systems a Hacker Target
A vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks.
Android Spyware Targets UAE Messaging Users
1 week 3 days ago
Fake Messaging Apps Use Previously Undocumented Malware
Android spyware campaigns using previously undocumented spyware masquerade as upgrades or plugins for secure messaging apps Signal and ToTok, warn researchers. The two campaigns appear to target residents of the United Arab Emirates.
New Open Systems CEO Bets on Service to Win in SASE Market
1 week 3 days ago
New CEO Dennis Monner Outlines Open Systems' Global Expansion, SASE Differentiation
New CEO Dennis Monner said Open Systems stands out by combining SASE technology with 24/7 expert-led service. Backed by Swiss Post, the company aims to capture more enterprise customers in Europe and the U.S. who seek a trusted alternative to U.S. and Israeli vendors.
UK Home Office Seeks Apple Backdoor Access
1 week 3 days ago
New Investigatory Powers Act Request Reportedly Transmitted in September
The U.K. Home Office reportedly again ordered Apple to give it backdoor access to an encrypted cloud service after backing down in August from a similar demand made earlier this year. The order comes after a similar attempt by the Home Office in January.
ISMG Editors: US Federal Government Shutdown Fallout
1 week 3 days ago
Also: the UK's $7B Bitcoin Case, Implications of Vectra's Netography
In this week's update, ISMG editors examine how the U.S. shutdown and the lapse of CISA 2015 liability shield are straining cyber operations, what Vectra’s move for Netography signals for multi-cloud visibility and NDR, and how British prosecutors unraveled a bitcoin hoard now worth $7 billion.
Cryptohack Roundup: White House Pulls CFTC Chair Nom
1 week 4 days ago
Also: Texas Brothers Charged in $8M Crypto-Linked Kidnapping Case
This week, Brian Quintenz won't lead the U.S. CFTC, Canada fined KuCoin $14M, Texas brothers were charged in an $8M kidnapping case, a South Korean actor was given a suspended sentence for embezzlement, a phishing campaign used robots.txt and an ex-LASD deputy pleaded guilty in a business extortion scam.
Hospital Chain to Pay $7.6M to Settle Breach Litigation
1 week 4 days ago
Hospital Sisters Health System's 2023 Hack Affected Nearly 900,000 People
A network of 13 Catholic hospitals, community health centers and clinics in the Midwest will pay $7.6 million and implement improvements to its data security practices to settle consolidated class action litigation filed in the aftermath of a 2023 hacking incident affecting nearly 900,000 people.
Descope Gets $35M for AI Agent Identity Controls, Governance
1 week 4 days ago
Identity Security Vendor to Expand AI Governance Tools Including MCP Server Defense
Descope raised $35 million to expand its agentic identity hub and MCP authorization capabilities. As enterprises adopt AI, CISOs demand granular governance, auditing and secure identity frameworks for nonhuman agents. Descope aims to lead this emerging space.
Breach Roundup: FTC Sues Sendit Over Kid's Data Collection
1 week 4 days ago
Also, Cyberattack Disrupts Asahi’s Japan Operations, Halts Production
This week, the FTC sued Sendit, there was another Harrods breach and an Allianz data breach, and a cyberattack disrupted Asahi's Japan operations. WestJet disclosed data theft. Hackers targeted the Kido Nursery chain, a VMware privilege escalation flaw was exploited as a zero-day and the DarkCloud infostealer resurfaced.
Extortionists Claim Mass Oracle E-Business Suite Data Theft
1 week 4 days ago
Executives Receiving Ransom Demands of Up to $50 Million, Warns Ransomware Expert
Extortionists are shaking down executives at organizations that use Oracle E-Business Suite, claiming to have stolen their sensitive data and demanding ransoms of up to $50 million, multiple cybersecurity firms are warning. The criminals claim to be associated with the Clop ransomware group.
Shutdown Snares Federal Cybersecurity Personnel
1 week 5 days ago
US Cyber Defense Agency Faces 65% Furlough Rate Amid Federal Shutdown
The U.S. federal government shutdown has slashed staff at the nation's cyber defense agency and other key cyber entities, freezing daily operations, stalling grants and weakening threat coordination as state and local systems brace for lapses in federal support.
Tool Evaluation Skills: A Cure for Shiny Object Syndrome
1 week 5 days ago
Evaluating Tools Saves Money But Requires Technical, Compliance and Business Acumen
Shiny object syndrome is more than a metaphor in cybersecurity. Organizations that chase every new tool often discover that what looked impressive in a demo fails to meet operational needs. The cure for this common malady is a structured tool evaluation process.
From Spend to Strategy: A CISO's View
1 week 5 days ago
Armis CISO Curtis Simpson on Spend Justification, AI Risks, Real-Time Visibility
Curtis Simpson, CISO at Armis, shares how CISOs can frame spend in terms executives value, the underestimated risks of AI and which technology trends will truly reshape enterprise security.
Nursing Home Fined $182K for Posting Patient Photos Online
1 week 5 days ago
'Success Stories' Social Media Program Impermissibly Disclosed PHI of 150 Patients
A "Success Stories" marketing campaign by a Delaware nursing home that involved posting photos and names of patients on social media resulted in a $182,000 federal fine. Regulators say the company violated HIPAA rules through the unauthorized disclosure of patients' protected health information.
Russia, Chinese Hacking Buffets Europe
1 week 5 days ago
ENISA: Nation-State Hacking 'Steadily Intensified' Over 12-Month Period
Nearly every member government of the European Union experienced a cyberattack from a nation-state hacker in the 12 months ending in July, primarily from Russian and Chinese threat actors who "steadily intensified" hacking, says the European cyber agency.
Webinar | Unlock the Strategic Value of Cyber Threat Intelligence (CTI) to Reduce Enterprise Risk
1 week 5 days ago
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education