DataBreachToday.com

LA County Clinic Delayed Access to Patient's Medical Records During Pandemic
Federal regulators have fined a Los Angeles county mental health clinic $100,000 for failure to provide a patient with timely access to her requested health records during the COVID-19 pandemic. The case is the U.S. government's 51st HIPAA patient right-of-access enforcement action.

Military Says Ship-to-Shore Cranes Made in China Include Dangerous Security Flaws
The United States Coast Guard is continuing to warn of significant security risks embedded in ship-to-shore cranes developed by companies with ties to Beijing while issuing new sensitive requirements for ports operating Chinese-made cranes across the country.

Nightwing's John DeSimone Talks Growth, Threats, National Security and AI Strategy
Nightwing CEO John DeSimone reveals how the company’s independence from Raytheon allows it to better serve customers, invest in intelligence, advanced AI and data solutions, address sophisticated cyberthreats, and maintain a no-fail mission approach in the face of rising security threats.

Justice Department Dismantles Cybercrime Hub, Announces Charges and Seizes Crypto
The Justice Department has seized PopeyeTools, a notorious cybercrime marketplace, while announcing criminal charges for three alleged operators behind the website, which generated over $1.7 million in revenue, according to a Wednesday announcement.

Cyera's Valuation Doubles Amid Expansion From DSPM to DLP, Identity Protection
Cyera secures $300M in funding from Accel and Sapphire Ventures, doubling its valuation to $3 billion. The company is enhancing its data security platform by integrating DSPM with DLP and identity security capabilities, addressing enterprise demand for comprehensive solutions.

Company Probing Customers Affected After Attacker Claims 400 Gigabyte Data Theft
Financial technology firm Finastra is warning customers that it suffered a breach of a secure file transfer system that it uses to relay information to some customers, leading to an unknown quantity of data being exfiltrated by an attacker. The company is still identifying affected customers.

Google Does Not Have Material Influence Over Antrhtopic, Agency Says
The U.K. antitrust regulator called off an investigation into a $2 billion partnership between computing giant Alphabet and artificial intelligence startup Anthropic. The .K. Competition and Markets Authority probe sought to understand if the deal forms a "relevant merger situation."

Incident Is Among Growing List of Attacks on Small, Rural Hospitals
An Oklahoma hospital quickly restored its IT systems after a ransomware attack in September, but the 62-bed hospital could not recover some data and later learned that hackers may have accessed the personal information of 133,000 people. The attack is the latest involving a small rural hospital.

Competition Regulator Says WhatsApp Users Could Not Opt Out of Data Sharing
India's Competition Commission has fined social media conglomerate Meta over $25 million for forcing WhatsApp users to agree to a sweeping data sharing policy with other Meta platforms. The agency ordered the company to stop using users' data for online advertising on other Meta platforms.

Experts Call on Feds to Step Up Defense Against Escalating Chinese Threats
A panel of cybersecurity experts and top industry officials pushed lawmakers and the federal government to step up their defenses against escalating cyberthreats from China, citing recent high-profile examples of evidence that Beijing is increasingly targeting the U.S. with sophisticated attacks.

Hacker Reportedly Gained Access to File Containing Testimony Against Matt Gaetz
Matt Gaetz, President-elect Donald Trump’s pick to lead the Justice Department, faces growing controversy over allegations of sexual misconduct after a hacker reportedly gained access to a shared file containing testimony from a woman who said she had sex with the former congressman when she was 17.

Critical Authentication Flaw Impacts Both Free and Pro Users
A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.

Water Barghest Group Lists Infected Devices Within 10 Minutes of Initial Compromise
A threat actor with suspected ties to Russian nation-state hackers has listed thousands of IoT devices as proxy networks within minutes of their initial compromise. A campaign that began in 2020 has so far infected 20,000 IoT devices, according to a new report by Trend Micro.

Inspector General Report Reveals 97 Water Systems With Critical Cybersecurity Risks
The Environmental Protection Agency inspector general said over 100 million Americans depend on drinking water systems exposed to cybersecurity flaws that could allow hackers to "disrupt service or cause irreparable physical damage to drinking water infrastructure."

Critical Authentication Flaw Impacts Both Free and Pro Users
A widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plugin.

Gartner Publishes First Identity Verification MQ as Workforce-Related Uses Multiply
Gartner has recognized Entrust, Incode, Jumio, Socure and Sumsub as identity verification leaders amid a rise in regulatory demands and fraud prevention requirements. Identity verification was historically used for regulated onboarding in industries like banking, gambling and cryptocurrency.

Embracing Zero Trust and AI in Cloud Security
Zero trust, artificial-intelligence-driven security and automation tools are reshaping how organizations maintain uptime, even during a cyberattack. These advances underscore how the future of enterprise resilience is increasingly tied to advancements in cloud security.