Chinese hackers remotely accessed several US Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said Monday. Source link
The UK communications watchdog has opened an investigation into whether OnlyFans allowed children to view pornography on its website after an age-checking error. The regulator Ofcom is investigating the platform, which has a minimum user age of 18 and hosts mostly adult content for paying subscribers, over claims of inadequate age-verification measures. It is also investigating whether OnlyFans gave “complete and accurate” responses to information requests. “We have grounds to suspect the platform did not implement its age-verification measures in such a way as to sufficiently protect under-18s from pornographic material,” said Ofcom. OnlyFans acts as a marketplace for adult performers, who upload their own material and keep 80% of the revenue. It requires subscribers to provide their name and credit card details when signing up and also uses age estimation technology from the software company Yoti, which scans a user’s face and approximates their age. If applicants fail the automatic scan they must provide formal ID to register, such as a driving licence or passport. The website said in a statement that a coding …
Lange denied that Krah’s office had retrieved documents with the classification level “restricted” via the trade committee. The “limited/sensitive” classification refers to sensitive content that is not necessarily subject to confidentiality. “Maximilian Krah has never received any EU Restricted documents” in the trade committee, Lange said. But Lange said the full extent of the scandal is still unclear. “It is really disappointing that we have no clear facts and names from the attorney or from the secret services,” Lange said. “This creates a situation of mistrust and uncertainty.” German public prosecutors in the city of Dresden earlier this week initiated preliminary investigations into Krah over the corruption allegations involving Russia and China. Before that, German police on Monday arrested one of Krah’s parliamentary aides, identified as Jian G., over claims he spied for China. The Federal Prosecutor General accuses Jian G. of having passed on internal European Parliament information to China. This activity most recently included information on a motion for a resolution directed against China’s persecution of minorities such as the Uyghurs and Tibetans, according to …
SINGAPORE: A data breach at one of its vendors has resulted in the “unauthorised access” of names and email addresses of parents and staff from five primary and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19). MOE said it was notified by Mobile Guardian that its user management portal had been breached on Wednesday, with the incident occuring at the company’s headquarters in Surrey, United Kingdom. Mobile Guardian is a device management app (DMA) installed on personal learning devices used by students, like iPads and Google Chromebooks. The app enables parents to manage students’ device usage by restricting applications or websites and screen time. MOE added its own device management app was not affected by the data breach as it is separate from Mobile Guardian’s user management portal and “remains safe for use”. “There is no evidence of unauthorised access into the MOE DMA. Parents whose students use the iPad or Chromebook can continue to use the DMA as usual,” it said. The ministry as well as the schools involved will notify …
BOSTON (AP) — State-backed Russian hackers broke into Microsoft’s corporate email system and accessed the accounts of members of the company’s leadership team, as well as those of employees on its cybersecurity and legal teams, the company said Friday. In a blog post, Microsoft said the intrusion began in late November and was discovered on Jan. 12. It said the same highly skilled Russian hacking team behind the SolarWinds breach was responsible. “A very small percentage” of Microsoft corporate accounts were accessed, the company said, and some emails and attached documents were stolen. A company spokesperson said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts breached. In a regulatory filing Friday, Microsoft said it was able to remove the hackers’ access from the compromised accounts on or about Jan. 13. “We are in the process of notifying employees whose email was accessed,” Microsoft said, adding that its investigation indicates the hackers were initially targeting email accounts for information related to their activities. The Microsoft …
Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent annual earnings report, 23andMe has “more than 14 million customers worldwide,” which means 0.1% is around 14,000. But the company also said that by accessing those accounts, the hackers were also able to access “a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature.” The company did not specify what that “significant number” of files is, nor how many of these “other users” were impacted. 23andMe did not immediately respond to a request for comment, which included questions on those numbers. In early October, 23andMe disclosed an incident in which hackers had stolen some users’ data using …
U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. Okta told TechCrunch at the time that around 1% of customers, or 134 organizations, were affected by the breach. In a blog post published on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach. Okta spokesperson Cat Schermann would not provide an exact figure when asked by TechCrunch, but Okta has around 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI, and T-Mobile. Bradbury said on September 28, a hacker ran and downloaded a report that contained data belonging to “all Okta customer support system users.” For 99.6% of …
Hackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with healthcare plans to provide communications to subscribers about their healthcare, confirmed in a data breach notification filed with Maine’s attorney general last week that hackers accessed the sensitive data of more than 1.6 million individuals. In a letter sent to those affected, Welltok said it was alerted to an earlier alleged compromise of its MOVEit Transfer server, a system that allows organizations to move large sets of often-sensitive data over the internet, after the system’s developer published details of a software vulnerability earlier this year. Welltok said it initially determined in July that there was no indication of a compromise. A second investigation, launched by the company in August, found that hackers “exfiltrated certain data” from Welltok’s MOVEit Transfer server. The compromised data includes individuals’ name, date of birth, addresses, and health information, according to …
Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems. In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.” Samsung declined to answer further questions about the incident, such as how many customers were affected or how hackers accessed its internal systems. In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.’s store between July 1, 2019 and June 30, 2020. The letter, which was shared on X (formerly Twitter), Samsung said it didn’t discover the compromise until more than three years later, on November 13, 2023. Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses, and email addresses. “No financial data, such as bank or …
Truepill, a digital health startup that provides pharmacy fulfillment services for healthcare organizations, has confirmed that hackers accessed the personal data of more than 2.3 million patients. In a data breach notice published on its website, the company says Postmeds, the parent company behind TruePill, experienced a “cybersecurity incident” that allowed unnamed attackers to gain access to files used for pharmacy management and fulfillment services between August 30 and September 1. Get in touch Do you have more information about the Truepill data breach? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop. The company’s investigation found that the accessed files contained sensitive customer information, including patient names, unspecified demographic information, medication type, and the name of the patient’s prescribing physician. Truepill said Social Security numbers were not involved, as the company does not receive this information. Truepill confirmed 2.3 million patients were affected according to a required legal filing submitted to the U.S. Department of Health and Human Services’ data breach reporting …
