Posts labeled United States

How Gender Politics Are Reshaping Data Privacy and Personal Information




Recent legal and administrative actions in the United States are changing how personal data is recorded, shared, and accessed by government systems. For transgender and gender-diverse individuals, these changes carry heightened risks, because identity records and healthcare information are increasingly entangled with political and legal enforcement mechanisms.

One of the most visible shifts involves federal identity documentation. Updated rules now require U.S. passport applicants to list sex as assigned at birth, eliminating earlier flexibility in gender markers. Courts have allowed this policy to proceed despite legal challenges. Passport data does not function in isolation. It feeds into airline systems, border controls, employment verification processes, financial services, and law enforcement databases. When official identification does not reflect an individual’s lived identity, transgender and gender diverse people may face repeated scrutiny, increased risk of harassment, and complications during travel or routine identity checks. From a data governance perspective, embedding such inconsistencies also weakens the accuracy and reliability of federal record systems.

Healthcare data has become another major point of concern. The Department of Justice has expanded investigations into medical providers offering gender-related care to minors by applying existing fraud and drug-regulation laws. These investigations focus on insurance billing practices, particularly the use of diagnostic codes to secure coverage for treatments. As part of these efforts, subpoenas have been issued to hospitals and clinics across the country.

Importantly, these subpoenas have sought not only financial records but also deeply sensitive patient information, including names, birth dates, and medical intake forms. Although current health privacy law permits disclosures for law enforcement purposes, privacy experts warn that this exception allows personal medical data to be accessed and retained far beyond its original purpose. Many healthcare providers report that these actions have created a chilling effect, prompting some institutions to restrict or suspend gender-related care because of legal uncertainty.

Other federal agencies have taken steps that further intensify concern. The Federal Trade Commission, traditionally focused on consumer protection and data privacy, has hosted events scrutinizing gender-affirming healthcare while giving limited attention to patient confidentiality. This shift has raised questions about how privacy enforcement priorities are being set.

As in-person healthcare becomes harder to access, transgender and gender-diverse individuals increasingly depend on digital resources. Research consistently shows that the vast majority of transgender adults rely on the internet for health information, and a large proportion use telehealth services for medical care. This dependence on digital systems brings its own exposures, including limited broadband access, high device costs, and gaps in digital literacy. These risks are compounded by the government's routine purchase of personal data from commercial data brokers.

Privacy challenges extend into educational systems as well. Courts have declined to establish a national standard governing control over students’ gender related data, leaving unresolved questions about who can access, store, and disclose sensitive information held by schools.

Taken together, changes to identity documents, aggressive access to healthcare data, and unresolved data protections in education are creating an environment of increased surveillance for transgender and gender diverse individuals. While some state level actions have successfully limited overly broad data requests, experts argue that comprehensive federal privacy protections are urgently needed to safeguard sensitive personal data in an increasingly digital society.

San Francisco Power Outage Brings Waymo Robotaxi Services to a Halt

 


A large power outage across San Francisco during the weekend disrupted daily life in the city and temporarily halted the operations of Waymo’s self-driving taxi service. The outage occurred on Saturday afternoon after a fire caused serious damage at a local electrical substation, according to utility provider Pacific Gas and Electric Company. As a result, electricity was cut off for more than 100,000 customers across multiple neighborhoods.

The loss of power affected more than homes and businesses. Several traffic signals across the city stopped functioning, creating confusion and congestion on major roads. During this period, multiple Waymo robotaxis were seen stopping in the middle of streets and intersections. Videos shared online showed the autonomous vehicles remaining stationary with their hazard lights turned on, while human drivers attempted to maneuver around them, leading to traffic bottlenecks in some areas.

Waymo confirmed that it temporarily paused all robotaxi services in the Bay Area as the outage unfolded. The company explained that its autonomous driving system is designed to treat non-working traffic lights as four-way stops, a standard safety approach used by human drivers as well. However, officials said the unusually widespread nature of the outage made conditions more complex than usual. In some cases, Waymo vehicles waited longer than expected at intersections to verify traffic conditions, which contributed to delays during peak congestion.

City authorities took emergency measures to manage the situation. Police officers, firefighters, and other personnel were deployed to direct traffic manually at critical intersections. Public transportation services were also affected, with some commuter train lines and stations experiencing temporary shutdowns due to the power failure.

Waymo stated that it remained in contact with city officials throughout the disruption and prioritized safety during the incident. The company said most rides that were already in progress were completed successfully, while other vehicles were either safely pulled over or returned to depots once service was suspended.

By Sunday afternoon, PG&E reported that power had been restored to the majority of affected customers, although thousands were still waiting for electricity to return. The utility provider said full restoration was expected by Monday.

Following the restoration of power, Waymo confirmed that its ride-hailing services in San Francisco had resumed. The company also indicated that it would review the incident to improve how its autonomous systems respond during large-scale infrastructure failures.

Waymo operates self-driving taxi services in several U.S. cities, including Los Angeles, Phoenix, and Austin, Texas, and plans further expansion. The San Francisco outage has renewed discussion about how autonomous vehicles should adapt during emergencies, particularly when critical urban infrastructure fails.

This Week in Cybersecurity: User Data Theft, AI-Driven Fraud, and System Vulnerabilities

 



This week brought several developments that highlight how cyber threats continue to affect individuals, corporations, and governments across the globe.

In the United States, federal records indicate that Customs and Border Protection is expanding its use of small surveillance drones, shifting from limited testing to routine deployment. These unmanned systems are expected to significantly widen the agency’s monitoring capabilities, with some operations extending beyond physical U.S. borders. At the same time, Immigration and Customs Enforcement is preparing to roll out a new cybersecurity contract that would increase digital monitoring of its workforce. This move aligns with broader government efforts to tighten internal controls amid growing concerns about leaks and internal opposition.

On the criminal front, a major data extortion case has emerged involving user records linked to Pornhub, one of the world's most visited adult platforms. A hacking group associated with a broader online collective claims to have obtained hundreds of millions of data entries tied to paid users. The stolen material reportedly includes account-linked browsing activity and email addresses. The company has stated that the data appears to originate from a third-party analytics service it previously relied on, meaning the exposed records may be several years old. While payment credentials were not reported as part of the breach, the attackers have allegedly tried to pressure the company with extortion demands, raising concerns about how behavioral data can be weaponized even years after collection.

Geopolitical tensions also spilled into cyberspace this week. Venezuela’s state oil firm reported a cyber incident affecting its administrative systems, occurring shortly after U.S. authorities seized an oil tanker carrying Venezuelan crude. Officials in Caracas accused Washington of being behind the intrusion, framing it as part of a broader campaign targeting the country’s energy sector. Although the company said oil production continued, external reporting suggests that internal systems were temporarily disabled and shipping operations were disrupted. The U.S. government has not publicly accepted responsibility, and no independently verified technical evidence has been released.

In enterprise security, Cisco disclosed an actively exploited zero-day vulnerability affecting certain of its email security products used by organizations worldwide. Researchers confirmed that attackers had been abusing the flaw for weeks before public disclosure. The weakness lies in a specific email-filtering feature and can allow unauthorized access under certain configurations. Cisco has not yet issued a patch but has advised customers to disable the affected feature as a temporary safeguard while remediation continues.

Separately, two employees from cybersecurity firms admitted guilt in a ransomware operation, highlighting insider risk within the security industry itself. Court records show that the individuals used their professional expertise to carry out extortion attacks, including one case that resulted in a seven-figure ransom payment.

Together, these incidents reflect the expanding scope of cyber risk, spanning personal data privacy, national infrastructure, corporate security, and insider threats. Staying informed, verifying claims, and maintaining updated defenses remain essential in an increasingly complex digital environment.


NYC Inauguration Security Policy Draws Attention for Targeting Specific Tech Tools

 



New York City’s official guidelines for the 2026 mayoral inauguration of Zohran Mamdani include an unusual restriction: attendees are not permitted to bring Flipper Zero devices or Raspberry Pi computers to the event. The prohibition appears in the event’s publicly released FAQ, which outlines items considered unsuitable for entry due to safety and security concerns.

The restricted items list largely follows standard event security practices. Objects such as weapons, fireworks, drones, large bags, strollers, bicycles, alcohol, illegal substances, laser pointers, and blunt instruments are all prohibited. However, the explicit naming of two specific technology products has drawn attention, as most other entries are described in broad categories rather than by product name.

The Flipper Zero is a compact handheld device designed for learning about and testing wireless and short-range communication systems. It can read and emulate RFID and NFC tags, send and receive infrared signals, and communicate over Bluetooth and other radio protocols. These capabilities make it popular among security researchers, developers, and students who use it to study how devices communicate and to identify weaknesses in controlled environments.

Raspberry Pi, on the other hand, is a small and affordable single-board computer that runs full operating systems, most commonly Linux. It is widely used for educational purposes, programming practice, home automation, and prototyping technical projects. With additional accessories, a Raspberry Pi can perform many of the same functions as a traditional computer.

What has raised questions among technology professionals is the selective nature of the ban. While these two devices are specifically listed, laptops and smartphones are not mentioned as restricted items. This distinction has caused confusion, as modern phones and computers can run advanced security tools, wireless analysis software, and penetration-testing platforms with significantly greater processing power.

Devices like the Flipper Zero have previously been the subject of public concern and regulatory attention in several regions. Authorities and lawmakers have, at times, expressed fears that such tools could be misused for activities such as unauthorized access to vehicles, payment systems, or wireless networks. In response, some retailers have temporarily removed listings, and certain governments have proposed restrictions. However, many of these measures were later reversed, and the devices remain legal to own and use in most countries, including the United States.

Security experts note that the risk associated with a device often depends more on intent and usage than on the hardware itself. Tools designed for learning and testing can be misused, but the same is true for everyday consumer electronics. As a result, critics argue that banning specific products without addressing broader technical capabilities may reflect a limited understanding of modern technology.

Event organizers have not yet provided a public explanation for why the Flipper Zero and Raspberry Pi were singled out. Until further clarification is issued, the decision continues to prompt discussion about how cybersecurity concerns are interpreted in public safety planning and whether naming individual devices is an effective approach to risk management.



FCC Tightens Rules on Foreign-Made Drones to Address U.S. Security Risks



The U.S. Federal Communications Commission has introduced new restrictions targeting drones and essential drone-related equipment manufactured outside the United States, citing concerns that such technology could pose serious national security and public safety risks.

Under this decision, the FCC has updated its Covered List to include uncrewed aircraft systems and their critical components that are produced in foreign countries. The move is being implemented under authority provided by recent provisions in the National Defense Authorization Act. In addition to drones themselves, the restrictions also apply to associated communication and video surveillance equipment and services.

The FCC explained that while drones are increasingly used for legitimate purposes such as innovation, infrastructure monitoring, and public safety operations, they can also be misused. According to the agency, malicious actors including criminals, hostile foreign entities, and terrorist groups could exploit drone technology to conduct surveillance, disrupt operations, or carry out physical attacks.

The decision was further shaped by an assessment carried out by an interagency group within the Executive Branch that specializes in national security. This review concluded that certain foreign-produced drones and their components present unacceptable risks to U.S. national security as well as to the safety and privacy of people within the country.

Officials noted that these risks include unauthorized monitoring, potential theft of sensitive data, and the possibility of drones being used for disruptive or destructive activities over U.S. territory. Components such as data transmission systems, navigation tools, flight controllers, ground stations, batteries, motors, and communication modules were highlighted as areas of concern.

The FCC also linked the timing of the decision to upcoming large-scale international events that the United States is expected to host, including the 2026 FIFA World Cup and the 2028 Summer Olympics. With increased drone activity likely during such events, regulators aim to strengthen control over national airspace and reduce potential security threats.

While the restrictions emphasize the importance of domestic production, the FCC clarified that exemptions may be granted. If the U.S. Department of Homeland Security determines that a specific drone or component does not pose a security risk, it may still be allowed for use.

The agency also reassured consumers that the new rules do not prevent individuals from continuing to use drones they have already purchased. Retailers are similarly permitted to sell and market drone models that received government approval earlier this year.

This development follows the recent signing of the National Defense Authorization Act for Fiscal Year 2026 by U.S. President Donald Trump, which includes broader measures aimed at protecting U.S. airspace from unmanned aircraft that could threaten public safety.

The FCC’s action builds on earlier updates to the Covered List, including the addition of certain foreign technology firms in the past, as part of a wider effort to limit national security risks linked to critical communications and surveillance technologies.




U.S. Startup Launches Mobile Service That Requires No Personal Identification

 



A newly launched U.S. mobile carrier is challenging long-standing telecom practices by offering phone service without requiring customers to submit personal identification. The company, Phreeli, presents itself as a privacy-focused alternative in an industry known for extensive data collection.

Phreeli officially launched in early December and describes its service as being built with privacy at its core. Unlike traditional telecom providers that ask for names, residential addresses, birth dates, and other sensitive information, Phreeli limits its requirements to a ZIP code, a chosen username, and a payment method. According to the company, no customer profiles are created or sold, and user data is not shared for advertising or marketing purposes.

Customers can pay using standard payment cards, or opt for cryptocurrency if they wish to reduce traceable financial links. The service operates entirely on a prepaid basis, with no contracts involved. Monthly plans range from lower-cost options for light usage to higher-priced tiers for customers who require more mobile data. The absence of contracts aligns with the company’s approach, as formal agreements typically require verified personal identities.

Rather than building its own cellular infrastructure, Phreeli operates as a Mobile Virtual Network Operator. This means it provides service by leasing network access from an established carrier, in this case T-Mobile. This model allows Phreeli to offer nationwide coverage without owning physical towers or equipment.

Addressing legal concerns, the company states that U.S. law does not require mobile carriers to collect customer names in order to provide service. To manage billing while preserving anonymity, Phreeli says it uses a system that separates payment information from communication data. This setup relies on cryptographic verification to confirm that accounts are active, without linking call records or data usage to identifiable individuals.

The company’s privacy policy notes that information will only be shared when necessary to operate the service or when legally compelled. By limiting the amount of data collected from the start, Phreeli argues that there is little information available even in the event of legal requests.
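Phreeli has not published how its billing and service records are kept apart, so the following is an added illustration, not the company's code. It shows one common way to get the property the article describes: the billing side issues an HMAC-signed entitlement token that carries only a random pseudonym and an expiry, and the network side verifies the tag and expiry and meters usage against the pseudonym without ever seeing the payment reference. The shared key, the token layout, and the two "ledger" classes are assumptions made for this example.

```python
"""Illustrative split between a billing ledger and a service ledger.

Added example, not Phreeli's code. Assumptions: billing and the network
side share one HMAC key; a token is base64url(claims) "." base64url(tag);
claims hold only a random pseudonym ("sub") and an expiry ("exp").
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_KEY = secrets.token_bytes(32)  # assumed: shared only by the two ledgers


class BillingLedger:
    """Holds payment details. Never receives call or data-usage records."""

    def __init__(self, key):
        self._key = key
        self.payments = {}  # pseudonym -> payment reference (card, crypto tx, ...)

    def record_payment(self, payment_ref, days, now=None):
        """Store the payment under a fresh pseudonym and return an entitlement token."""
        pseudonym = secrets.token_hex(16)
        self.payments[pseudonym] = payment_ref
        return self.issue_token(pseudonym, days, now)

    def issue_token(self, pseudonym, days, now=None):
        now = int(now if now is not None else time.time())
        claims = {"exp": now + days * 86400, "sub": pseudonym}
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(body).decode() + "."
                + base64.urlsafe_b64encode(tag).decode())


class ServiceLedger:
    """Meters usage per pseudonym. Never receives payment details."""

    def __init__(self, key):
        self._key = key
        self.usage = {}  # pseudonym -> megabytes consumed

    def verify(self, token, now=None):
        """Return the pseudonym if the token is authentic and unexpired, else None."""
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:  # malformed token or bad base64 (binascii.Error is a ValueError)
            return None
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        claims = json.loads(body)
        now = now if now is not None else time.time()
        if claims["exp"] <= now:
            return None
        return claims["sub"]

    def meter(self, token, megabytes, now=None):
        """Record usage against the pseudonym; reject forged or expired tokens."""
        sub = self.verify(token, now)
        if sub is None:
            return False
        self.usage[sub] = self.usage.get(sub, 0) + megabytes
        return True


if __name__ == "__main__":
    billing = BillingLedger(TOKEN_KEY)
    network = ServiceLedger(TOKEN_KEY)
    token = billing.record_payment("card-ending-4242", days=30)  # constructed input
    print("metered:", network.meter(token, 250))
    print("service-side records:", network.usage)  # pseudonym only, no payment ref
```

The point of the split is what each side can produce under a legal request: the billing ledger can map a payment to a pseudonym, and the service ledger can map a pseudonym to usage, but neither holds a name, and joining the two requires both systems. A real deployment would also rotate the key and keep the two ledgers on separately administered infrastructure, which this single-process example does not model.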

Phreeli was founded by Nicholas Merrill, who previously operated an internet service provider and became involved in a prolonged legal dispute after challenging a government demand for user information. That experience reportedly influenced the company’s data-minimization philosophy.

While services that prioritize anonymity are often associated with misuse, Phreeli states that it actively monitors for abusive behavior. Accounts involved in robocalling or scams may face restrictions or suspension.

As concern grows over digital surveillance and commercial data harvesting, Phreeli's launch sets the stage for a broader discussion about privacy in everyday communication. Whether this model gains mainstream adoption remains uncertain, but it introduces a notable shift in how mobile services can be structured in the United States.



Allianz Data Breach Exposes 1.4 Million Customers — What You Should Do

 



Nearly 1.4 million people in the United States have had their personal information exposed in a recent cyberattack on the Allianz Life Insurance Company of North America.

The breach, which took place on July 16, was carried out through a third-party cloud-based customer management system. The attackers used social engineering (tricking people into handing over access) to break in, a method that has also been used in several other high-profile attacks on insurance and healthcare companies.

Allianz discovered the intrusion a day later, on July 17, and quickly notified federal authorities, including the FBI. The company has stressed that the attack only affected its U.S. branch and that its main systems and networks remain secure.

What information was stolen?

Allianz has not confirmed the exact types of data taken. However, life insurance records usually contain highly sensitive details such as Social Security numbers, birthdates, and financial information. In addition to customers, the data of financial advisors and some employees may also have been exposed.

At this stage, the attackers have not made ransom demands, and the company has not revealed who is behind the incident. Some cybersecurity experts believe the group Scattered Spider, known for targeting insurance firms with similar tactics, may be responsible.

Company response

Allianz says the security flaw has now been fixed, and it has started contacting affected individuals. According to documents filed with the Maine Attorney General’s office, the company will provide two years of free identity theft protection to those impacted.


What you should do if you’re affected

Even though Allianz is offering help, individuals should take their own precautions after a breach:

1. Use identity theft protection services: These services monitor personal data and provide insurance against fraud. It’s best to sign up before becoming a victim.

2. Stay alert for phishing scams: Avoid clicking on suspicious links, QR codes, or email attachments from unknown senders.

3. Monitor your accounts closely: Regularly check bank accounts, insurance records, and credit reports for unusual activity.

4. Be cautious online: Social engineering often involves scammers pretending to be helpful contacts or offering opportunities that seem “too good to be true.”

Practicing strong "cyber hygiene" — staying alert, keeping security software updated, and knowing the signs of scams — can make a big difference.


What comes next

The investigation is still ongoing, and Allianz has promised to share more details as they emerge, including exactly what type of personal information was exposed. Those affected will likely receive official notification letters by mail.

For now, staying alert and taking preventive steps is the best way to reduce risk after this large-scale data breach.

Armenian Man Extradited to US After Targeting Oregon Tech Firm

 

The Justice Department said Wednesday last week that an Armenian national is in federal custody on charges related to his alleged involvement in a wave of Ryuk ransomware attacks in 2019 and 2020. On June 18, Karen Serobovich Vardanyan, 33, was extradited to the United States from Ukraine.

On June 20, he appeared in federal court and pleaded not guilty. The seven-day jury trial Vardanyan is awaiting is set to start on August 26. Prosecutors charged Vardanyan with conspiracy, computer-related fraud, and computer-related extortion. Each charge carries a maximum penalty of five years in federal prison and a $250,000 fine.

Vardanyan and his accomplices, who include 45-year-old Levon Georgiyovych Avetisyan of Armenia and two 53-year-old Ukrainians, Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko, are charged with gaining unauthorised access to computer networks in order to install Ryuk ransomware on hundreds of compromised workstations and servers between March 2019 and September 2020. 

Lyulyava and Prykhodchenko are still at large, while Avetisyan is in France, where a U.S. extradition request is pending. According to authorities, Ryuk ransomware was widespread in 2019 and 2020, infecting thousands of victims worldwide in the private sector, state and local governments, local school districts, and critical infrastructure.

Among these were a series of attacks on American hospitals and on a technology company in Oregon, the case for which Vardanyan is being prosecuted by federal authorities. Ryuk ransomware attacks have affected Hollywood Presbyterian Medical Centre, Universal Health Services, Electronic Warfare Associates, a North Carolina water company, and several U.S. newspapers.

Ryuk ransomware operators extorted victim firms by demanding Bitcoin ransom payments in exchange for decryption keys. According to Justice Department officials, Vardanyan and his co-conspirators received approximately 1,160 bitcoins in ransom payments from victim companies, totalling more than $15 million at the time.

Major Breach at Medical Billing Giant Results in Data Leak Affecting 5.4 Million People

 

Episource, the medical billing behemoth, has warned millions of Americans that a hack earlier this year resulted in the theft of their private and medical data. According to a listing with the United States Department of Health and Human Services, one of the year's largest healthcare breaches affects around 5.4 million people. 

Episource, which is owned by Optum, a subsidiary of UnitedHealth Group, the largest U.S. health insurer, offers billing adjustment services to doctors, hospitals, and other healthcare organisations. To process claims through patients' health insurance, the company handles large volumes of personal and medical data.

In notices filed in California and Vermont on Friday last week, Episource stated that a criminal was able to "see and take copies" of patient and member data from its systems during the weeklong breach that ended on February 6. 

Private information stolen includes names, postal and email addresses, and phone numbers, as well as protected health data such as medical record numbers and information on doctors, diagnoses, drugs, test results, imaging, care, and other treatments. The stolen data also includes health insurance information, such as health plans, policies, and member numbers. 

Episource would not elaborate on the nature of the issue, but Sharp Healthcare, one of the organisations that worked with Episource and was impacted by the intrusion, notified its clients that the Episource hack was triggered by ransomware. This is the latest cybersecurity incident to affect UnitedHealth in recent years.

Change Healthcare, one of the top companies in the U.S. healthcare industry, which conducts billions of health transactions each year, was attacked by a ransomware gang in February 2024, resulting in the theft of personal and health information for over 190 million Americans. The cyberattack resulted in the largest healthcare data breach in US history. Several months later, UnitedHealth's Optum division exposed to the internet an internal chatbot used by staff to enquire about claims.

Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft

 

A multi-national cryptocurrency fraud ring that allegedly defrauded victims worldwide over a quarter of a billion dollars has come under increased scrutiny from the US Department of Justice (DOJ). 

The case now has 27 defendants in total after the charges were filed under the Racketeer Influenced and Corrupt Organisations Act (RICO). Malone Lam, a 20-year-old who is at the centre of the investigation, is charged with planning one of the biggest individual cryptocurrency thefts in American history. 

Lam is suspected of stealing over 4,100 Bitcoin, worth about US $230 million, from a single victim in Washington, DC. Lam, who went by multiple online aliases such as "Anne Hathaway" and "$$$," is accused of collaborating with Jeandiel Serrano (also known as "VersaceGod") to carry out an elaborate social engineering attack on a man identified as an extremely wealthy early crypto investor.

After bombarding the victim with fake Google security alerts about unauthorised login attempts, Lam and Serrano are said to have called the man and impersonated Google support staff. Investigators say they tricked the victim into revealing multi-factor authentication codes, allowing them to access his accounts and steal a fortune in cryptocurrency.

Following the theft, Lam and Serrano are accused of laundering the stolen funds in a variety of ways and using their wealth to fund a lavish lifestyle. Lam is alleged to have bought at least 31 expensive cars, including custom Lamborghinis, Ferraris, Porsches, Mercedes G-Wagons, a Rolls-Royce, and a McLaren, some of which were worth more than $3 million. He also rented several high-end residences in Los Angeles and Miami, some for up to $68,000 per month, and spent hundreds of thousands of dollars on nightclub outings.

Now, the DOJ has revealed that more defendants have been indicted in connection with the racketeering scheme. According to court documents, the defendants, who met through online gaming platforms, performed a variety of roles, including database hackers, organisers, target identifiers, callers, money launderers, and burglars who physically broke into victims' homes to steal their hardware cryptocurrency wallets. 

According to court documents, one of the defendants, 21-year-old Joel Cortes of Laguna Niguel, California, assisted members of the gang by "changing stolen virtual currency into fiat currency and shipping the currency across the United States, hidden in Squishmallow stuffed animals, each containing approximately $25,000 apiece."

When it came to drawing attention to themselves, other gang members allegedly adopted Lam's strategy by, among other things, renting private jets, buying luxury handbags valued at tens of thousands of dollars to give to young women they deemed attractive, and paying up to US $500,000 per night for nightclub services.

Lam is accused of continuing to engage with the group even after his arrest in September 2024, assisting them in stealing cryptocurrencies and arranging for his claimed associates to purchase luxury Hermes Birkin handbags for his girlfriend in Miami, Florida. 

This case is a stark reminder of the ever-increasing confluence of cyber fraud and psychology. While the crypto technology is new, the scam is as old as time: acquire trust, play the long game, and walk away with the loot.

Generative AI May Handle 40% of Workload, Financial Experts Predict

 

Almost half of bank executives polled recently by KPMG believe that generative AI will be able to manage 21% to 40% of their teams' regular tasks by the end of the year. 
 
Heavy investment

Despite economic uncertainty, six out of ten bank executives say generative AI is a top investment priority this year, according to an April KPMG report that polled 200 U.S. bank executives from large and small firms in March about the tech investments their organisations are making. Furthermore, 57% said generative AI is a vital part of their long-term strategy for driving innovation and remaining relevant in the future. 

“Banks are walking a tightrope of rapidly advancing their AI agendas while working to better define the value of their investments,” Peter Torrente, KPMG’s U.S. sector leader for its banking and capital markets practice, noted in the report. 

Approximately half of the executives polled stated their banks are actively piloting the use of generative AI in fraud detection and financial forecasting, with 34% stating the same for cybersecurity. Fraud and cybersecurity are the most prevalent in the proof-of-concept stage (45% each), followed by financial forecasting (20%). 

Nearly 78% are actively employing generative AI or evaluating its usage for security or fraud prevention, while 21% are considering it. The vast majority (85%) are using generative AI for data-driven insights or personalisation.

Chris Ackerson, senior vice president of product and head of AI at Alphasense, an AI market intelligence company, said that banks are turning to third-party providers for at least certain uses because the present rate of AI development "is breathtaking."

Alphasense and similar companies are being used by lenders to streamline their due diligence procedures and to assist in deal sourcing, helping them identify potentially lucrative opportunities. The latter, according to Ackerson, "can be a revenue generation play," not merely an efficiency gain.

As banks incorporate generative AI into their cybersecurity, fraud detection, and financial forecasting work, ensuring that their employees understand how to use generative AI-powered solutions appropriately has become critical to securing a return on investment.

Training staff on how to use new tools or software is "a big element of all of this, to get the benefits out of the technology, as well as to make sure that you're upskilling your employees," Torrente stated. 

Numerous financial institutions, particularly larger lenders, are already investing in such training as they implement various AI tools, according to Torrente, but banks of all sizes should prioritise it as consumer expectations shift and smaller banks struggle to remain competitive.

Experts Warn Trump Officials Using Signal for War Plans Risk Massive Leaks


Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and should never be used for private government communications. 

The issue came to light when journalist Jeffrey Goldberg of The Atlantic was accidentally included in a Signal group chat in which senior Trump officials were discussing military operations in Yemen. Goldberg called the conversation an act of "shocking recklessness" and said it included "precise information about weapons packages, targets, and timing.”

Mark Montgomery, senior director of the Foundation for Defence of Democracies, criticised the decision, saying, "I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy—but it's far below the standards required for discussing any elements of a war plan.” 

Signal has become increasingly popular in Washington after Chinese-affiliated hackers significantly compromised U.S. telecommunications networks; to safeguard against spying, officials have recommended encrypted services such as Signal. Experts warn, however, that even though the app has robust encryption and can delete messages automatically, it is not approved for government-level sensitive communications.

Lawmakers call for investigation

Top Democrats have slammed the use of Signal for military discussions, describing it as a significant security breach. Bennie Thompson (D-Miss.), the ranking member of the House Homeland Security Committee, criticised the Trump administration for failing to vet group chat users. “It should go without saying that administration officials should not be using Signal for discussing intelligence matters,” Thompson noted. 

House Foreign Affairs Committee Ranking Member Gregory Meeks (D-N.Y.) has requested a hearing, calling the episode "the most astonishing breach of our national security in recent history." Ranking member of the House Intelligence Committee, Jim Himes (D-Conn.), said he was "horrified" by the usage of an insecure app. He cautioned that lower-level officials might risk criminal charges for such a failure. 

Michael Waltz, Trump's National Security Adviser, admitted to organising the Signal group chat, which inadvertently included writer Jeffrey Goldberg. Waltz first blamed a staff member, but later admitted that he had created the group himself. "It is embarrassing, definitely. We're going to get to the bottom of it," he said, adding that he was engaging Elon Musk on technical matters.

In support of Waltz, Trump described him as a "good man" who had only "learnt a lesson." "The leak was the only glitch in two months, and it turned out not to be a serious one," he said, downplaying the breach as a small mistake. But there has been a quick pushback, with lawmakers and security experts voicing serious concerns.

Ransomware Attack on Retirement Services Firm Exposes Data of Thousands of US School Staff


A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools and non-profit organisations.

Carruth announced on its website on January 13, 2025, that it had detected suspicious activity on its computer systems on December 21, 2024. An investigation revealed that hackers gained access to company networks between December 19 and December 26, and stole some files. 

The company says that private information such as names, Social Security numbers, financial account information, and, in specific cases, driver's license numbers, medical billing information, W-2 information, and tax filings was among the stolen files. Free identity restoration and credit monitoring services are being provided to affected individuals.

A relatively new ransomware organisation called Skira claimed responsibility for the Carruth attack this week, saying it had taken about 469 gigabytes of data, including databases, source code, and the data the company had listed in its customer notification. Only four additional victims are listed on Skira's Tor-based leak website as of this writing; the first victim was revealed in December 2024.

While Carruth has not disclosed the number of impacted organisations and individuals, dozens of school districts and institutions across multiple states have confirmed in recent weeks that they have been affected by the incident. School districts notified state attorneys general that Carruth was unable to identify affected individuals, so each educational institution is working to identify current and former employees whose personal information was shared with the retirement services provider.

To date, nine school districts in Maine have reported identifying more than 20,000 individuals affected by a data breach, as mandated by the attorney general. The Carruth data breach comes just weeks after it was revealed that hackers may have stolen the personal information of millions of students and instructors in the United States and Canada after a cyberattack on education software and services company PowerSchool.

Two Russian Hackers Arrested for Large-Scale Ransomware Attacks

Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand attacks worldwide.  

Cybercriminals Behind the Phobos Ransomware Attacks 

According to the U.S. Department of Justice (DoJ), both men were actively involved in cybercrime from 2019 to 2024. They were linked to two hacking groups known as "8Base" and "Affiliate 2803," which were responsible for spreading Phobos ransomware.  

Their method of attack involved infiltrating computer networks, stealing important files, and encrypting them using ransomware. Victims were then left with no access to their own data unless they paid a ransom. If payments were not made, the attackers allegedly threatened to leak sensitive information to the public or to the organizations’ clients and partners.  

Legal Charges and Possible Consequences

The two men now face multiple serious charges, including:  

1. Fraud involving online transactions  

2. Hacking into protected systems  

3. Intentional damage to computer networks  

4. Extortion through cyber threats  

If found guilty, the penalties could be severe. Wire fraud charges alone could lead to a 20-year prison sentence, while hacking-related crimes carry additional penalties of up to 10 years.  

International Crackdown on Ransomware Operations

In a coordinated effort, Europol and other international agencies have shut down 27 servers used by the 8Base ransomware group. This action has significantly disrupted the cybercriminal network.  

Authorities also revealed that a previous arrest in Italy in 2023 helped law enforcement gather intelligence on Phobos ransomware operations. This intelligence allowed them to prevent over 400 potential cyberattacks and take down key infrastructure used by the hackers.  

What This Means for Cybersecurity

Phobos ransomware has been a major cyber threat since 2018, targeting businesses and organizations worldwide. While these arrests and crackdowns have weakened the group, it is uncertain whether this will fully eliminate their operations.  

This case highlights the growing efforts by global law enforcement agencies to combat cybercrime. Businesses and individuals are urged to remain cautious, implement strong security measures, and stay informed about evolving cyber threats.  


PowerSchool Breach Compromises Student and Teacher Data From K–12 Districts


PowerSchool, a widely used software platform serving thousands of K–12 schools in the United States, has suffered a major cybersecurity breach.

The breach has left several schools worried about the potential exposure of critical student and faculty data. With over 45 million users relying on the platform, the breach raises serious concerns about data security in the United States' educational system.

PowerSchool is a cloud-based software platform used by many schools to manage student information, grades, attendance, and communication with parents. The breach reportedly occurred through one of its customer support portals, where attackers gained unauthorised access using compromised credentials.

Magnitude of the data breach

According to PowerSchool, the leaked data consists mainly of contact details such as names and addresses. However, certain school districts' databases might have included more sensitive data, such as Social Security numbers, medical information, and other personally identifiable information.

The company has informed users that the breach did not impact any other PowerSchool products, although the exact scope of the exposure is still being assessed. 

"We have taken all appropriate steps to prevent the data involved from further unauthorised access or misuse," PowerSchool said in response to the incident, as reported by Valley News Live. “We are equipped to conduct a thorough notification process to all impacted individuals.”

Additionally, the firm has promised to keep helping law enforcement in their efforts to determine how the breach occurred and who might be accountable.

Ongoing investigation and response 

Cybersecurity experts have already begun to investigate the hack, and both PowerSchool and local authorities are attempting to determine the exact scope of the incident. 

As the investigation continues, many people are pushing for stronger security measures to protect sensitive data in the educational sector, especially as more institutions rely on cloud-based systems for day-to-day activities. 

According to Valley News Live, PowerSchool has expressed their commitment to resolving the situation, saying, "We are deeply concerned by this incident and are doing everything we can to support the affected districts and families.”

Chinese Hackers Target U.S. Treasury Sanctions Office


A major cybersecurity breach has been reported against the U.S. Treasury Department, specifically its Office of Foreign Assets Control (OFAC). OFAC, which oversees trade and economic sanctions, was accessed by Chinese state-backed hackers in what officials have described as a "major incident."  

How the Attack Happened

The breach was carried out through a vulnerability in BeyondTrust, a remote support product used by the Treasury. Hackers exploited this platform to gain unauthorized access to sensitive government systems. OFAC was their primary focus, likely because of its role in managing sanctions against foreign entities, including Chinese individuals and organizations.

OFAC was originally created in 1950, during the Korean War, to block assets from China and North Korea. Today, it remains a central part of U.S. sanctions enforcement, which makes it a high-value target for espionage.

Impact of the Breach

According to the reports, in addition to OFAC, the hackers accessed the Treasury's Office of Financial Research. Officials have so far confirmed that the compromised systems have been secured and that the hackers no longer have access. The extent of data stolen or misused is yet to be determined.

The same hacking crew, identified as "Salt Typhoon," has also been linked to earlier intrusions into other major U.S. telecom firms, including Verizon and AT&T. Those breaches enabled illicit access to customers' communications, including the contents of text messages and calls, as well as to wiretaps conducted by law enforcement.

Salt Typhoon is not limited to the United States, as there have been reports of similar breaches in telecommunications networks of several countries. This has shown weaknesses in crucial communication infrastructure. 

In response to these incursions, U.S. officials have called for more stringent cybersecurity measures. CISA has suggested using encrypted messaging apps such as Signal to secure communications. Moreover, lawmakers are considering banning China Telecom's remaining operations in the U.S.

Senator Ron Wyden has also introduced new legislation to secure the US telecom system. These steps aim to prevent similar breaches in the future and to protect sensitive government and private-sector data from state-funded cyberattacks. The campaign was a highly sophisticated cyber-espionage operation, underscoring the clear need for stronger security measures.



Artivion Discloses Ransomware Attack, Disrupting Operations


Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take part of its operations offline while addressing the attack.

Artivion's Response

In its 8-K filing with the U.S. Securities and Exchange Commission (SEC), Artivion disclosed that it promptly initiated an investigation and engaged external advisors, including legal, cybersecurity, and forensics professionals. "The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations," the filing stated.

The company also noted that disruptions to its corporate operations, order processing, and shipping were largely resolved. Despite having insurance coverage for incident response costs, Artivion anticipates additional expenses that will not be covered.

Impact on Operations

Artivion operates manufacturing facilities in Germany, Texas, and Georgia and employs over 1,250 people globally, with sales representatives in more than 100 countries. Although the immediate disruptions caused by the ransomware attack have been mitigated, the company is likely to face longer-term implications, including potential reputational damage and increased cybersecurity investments.

Healthcare Sector Under Siege

The ransomware attack on Artivion is part of a broader wave of cyberattacks targeting healthcare organizations. Recently, the BianLian cybercrime group attacked Boston Children's Health Physicians (BCHP), threatening to expose stolen files unless a ransom was paid. Similarly, UMC Health System and Anna Jaques Hospital faced significant disruptions due to ransomware assaults earlier this year.

These incidents highlight the growing vulnerabilities in the healthcare sector, where sensitive patient data and critical operations make organizations attractive targets for cybercriminals.

Lessons for the Healthcare Industry

The Artivion ransomware attack underscores the urgent need for the healthcare sector to adopt robust cybersecurity measures. Key takeaways include:

  • Proactive Defense: Implementing advanced threat detection and response mechanisms is critical to identifying and mitigating attacks before they cause significant damage.
  • Incident Response Planning: Having a comprehensive incident response plan can minimize disruptions and accelerate recovery efforts during cyberattacks.
  • Employee Awareness: Educating staff about phishing scams and other common attack vectors can help reduce vulnerabilities.

As cyber threats continue to evolve, healthcare organizations must prioritize cybersecurity to safeguard sensitive data and maintain trust in their services.

South Korea’s Rising Influence in Global Cybersecurity


South Korea’s Expanding Role in Global Cybersecurity

South Korea is emerging as a pivotal player in the global cybersecurity landscape, particularly against the backdrop of escalating tensions between the United States and China in cyberspace. By participating in high-profile cybersecurity exercises and fostering international collaborations, the country is bolstering its reputation as a key ally in both regional and global cyber defense initiatives.

Recently, South Korea hosted the APEX cyberwarfare exercise, which gathered cybersecurity experts and defense personnel from over 20 nations. This exercise simulated cyberattacks on critical infrastructure, enabling participants to devise defensive strategies and exchange vital insights. South Korea has also actively participated in NATO-led events, such as the Locked Shields exercise, which focuses on testing and enhancing cyber resilience.

In addition, South Korea showcased its commitment to international cybersecurity efforts by attending the Cyber Champions Summit in Sydney. The country is set to host the next iteration of the summit, emphasizing its dedication to fostering global cooperation in addressing cyber threats.

Strategic Alliances and Emerging Trends

South Korea's advanced technological capabilities and strategic location have positioned it as a vital partner for the United States in addressing cyber threats, especially those originating from China. According to analysts, South Korea’s infrastructure serves as a communications hub for critical trans-Pacific submarine cables connecting major networks across Asia, including China. Experts have also suggested that the country may act as a base for US cyber operations, similar to its role in hosting the THAAD missile system in 2017.

China, meanwhile, has been enhancing its cyber capabilities in response to growing alliances among its rivals. In April 2024, China reorganized its People’s Liberation Army to include specialized units dedicated to cyber, information, and space operations. Despite these efforts, experts note that China’s cyber capabilities still lag behind those of the US and its allies.

South Korea’s increasing involvement in cybersecurity underscores its strategic importance in addressing modern cyber challenges. By collaborating with the US, NATO, and other allies, the nation is strengthening its cyber defenses while contributing to a broader security framework in the Indo-Pacific region. These initiatives are poised to shape the global cybersecurity landscape in the coming years.

US Telecoms Warned of Chinese Cyber Espionage Threat


The White House recently brought together U.S. telecommunications executives to discuss a cyberespionage campaign attributed to Chinese-backed hackers. The attacks have been described by experts as the "worst telecom hack in U.S. history," compromising major telecom providers and targeting national security intelligence.

According to reports, the FBI said several telecommunications companies had been breached, with attackers making off with sensitive data, including call records and communications, that they could reach through government-mandated backdoors. The intrusion, according to reports, was carried out by a group code-named Salt Typhoon that has connections to China's Ministry of State Security. It is said to have engaged in espionage activities against officials from U.S. presidential campaigns.

Key telecom providers such as AT&T, Verizon, and Lumen have been listed as victims of this cyberattack. Recently, T-Mobile also revealed that its networks had been breached, though it said no customer data was compromised. The hackers did not only target U.S. companies but also extended their reach to allied nations whose identities remain undisclosed.

Senator Mark Warner, chair of the Senate Intelligence Committee, called these attacks some of the most serious he's seen. He reported that the FBI had informed fewer than 150 people - mostly in Washington - whose communications were compromised. Some telecom companies are still working to get the attackers out of their networks, showing just how persistent these intrusions are. 


Techniques and Long-Term Goals

Salt Typhoon uses advanced tactics to infiltrate systems and maintain long-term access. These include exploiting vulnerabilities in widely deployed devices and services such as Cisco routers and Microsoft Exchange servers. Researchers also found that the group uses legitimate tools to carry out its malicious activities, which makes it harder to detect.

Since at least 2020, this group has targeted not only the U.S. but also nations such as Brazil, India, and Taiwan. Their primary focus remains on gathering intelligence from telecommunications networks, government systems, and military organizations.

To mitigate such attacks, the FBI and CISA have been offering technical support to victims. U.S. Cyber Command has stepped up operations aimed at disrupting Chinese cyber actors globally and, consequently, reducing the incidence and impact of such attacks.

This has also raised fears about broader objectives, including the possible disruption of Western infrastructure should tensions over Taiwan or any other issue escalate further. According to FBI Director Christopher Wray, "China's hacking capabilities are larger than those of any other nation and present a significant challenge to our nation's cybersecurity defenses."

In response to the growing threats, the Senate has scheduled a classified briefing in December to discuss further measures. The meeting underlines the urgent need to strengthen cybersecurity across critical sectors.


Chinese Hackers Breach US Telco Networks to Access US Court Wiretap Systems


A Wall Street Journal report claims that Chinese hackers gained access to systems used for court-authorized wiretaps by breaking into the networks of major US telecommunications companies. 

The breach, which targeted companies such as Verizon Communications, AT&T, and Lumen Technologies, may have allowed the attackers to go unnoticed for months while gathering critical details regarding government requests for communications data. 

The hackers, who are believed to be affiliated with a state-sponsored Chinese group, were able to breach the system that telecom firms use to handle wiretaps authorised by the government. This breach may have given the perpetrators access to sensitive US internet traffic, allowing them to monitor communications under surveillance orders. 

The attack was recently identified, and it is believed that the hackers may have had long-term access to these networks, gathering intelligence. US investigators have dubbed the group responsible for the breach "Salt Typhoon". The incident is part of a larger pattern of cyber espionage actions attributed to Chinese hackers.

Earlier this year, US law enforcement shut down another significant Chinese hacking campaign known as "Flax Typhoon," a group suspected of widespread cyber-espionage. These operations are believed to be aimed at gathering intelligence for the Chinese government. 

China's denial

The Chinese foreign ministry responded to the charges by rejecting any involvement in the cyber operation. In a statement, they claimed they were unaware of the attack mentioned in the report and accused the US of fabricating a "false narrative" to blame China. 

The ministry also criticised the US for impeding global cybersecurity cooperation and communication, describing the charges as a roadblock to international efforts to confront cybersecurity concerns. Beijing has always refuted all allegations of state-sponsored hacking, including those made by the US government.

In this instance, China's foreign ministry mentioned details provided by their own cybersecurity agency, claiming that "Volt Typhoon," another supposed Beijing-linked gang, was actually the work of a global ransomware organisation.