Bourbon and Breaches by HackNotice HackNotice

In this episode of Bourbon and Data Breaches, we cover the following stories:  

 "1. Uber ex-CSO verdict raises thorny issues of cyber governance and transparency https://www.cybersecuritydive.com/news/uber-cso-convicted/634332/The former chief security officer of Uber was convicted in a historic federal trial earlier this month, after the defendant was charged with covering up a ransomware attack while his firm was under investigation by the Federal Trade Commission for prior lapses in data protection.   



2. Microsoft data breach exposes customers’ contact info, emails   https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/ Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.  



3. Shein owner fined $1.9M for failing to notify 39M users of data breach https://techcrunch.com/2022/10/13/shein-zoetop-fined-1-9m-data-breach/A data breach from 2018 is putting Shein under the spotlight as the ultra-fast fashion e-commerce platform continues to conquer Gen Z markets across the world. Zoetop, the firm that owns Shein and its sister brand Romwe, has been fined $1.9 million by New York for failing to properly handle a security incident, according to a notice from the state’s attorney general office this week. New York doesn’t publicly release data breach notifications like Maine, New Hampshire, California or other states, which is why the notice came so much later than when the cyberattack happened  



4. Optus tells customers affected by data breach they can no longer use passports as online ID  https://www.theguardian.com/business/2022/oct/17/optus-tells-customers-affected-by-data-breach-they-can-no-longer-use-passports-as-online-id Optus customers told they would not need a new passport after their documents were compromised in the recent data breach have now been notified that they can no longer use this document for online identification. Daniel Reeders, whose passport was one of more than 100,000 exposed in the Optus hack, had been told that all was well and he did not need to start the process to receive a new passport. However, late Friday he was informed he would no longer be able to use his passport online as identification  





5. New York fines EyeMed $4.5 million for 2020 email hack, data breach https://www.scmagazine.com/analysis/privacy/new-york-fines-eyemed-4-5-million-for-2020-email-hack-data-breach The state of New York has slapped EyeMed Vision Care with yet another fine over its massive 2020 email hack and healthcare data breach. This time the vision benefits company will pay a $4.5 million penalty for multiple security violations that “contributed to” the data exposure"

In this episode of BnB, we discuss the top 5 cybersecurity news of the week:  

 1. Trickbot internal message leaked 

2. Memorial Hermann patients affected by breach 

3. Puma affected by Kronos incident 

4. More dark net forums seized in government effort 

5. $3.6 billon of stolen bitcoin recovered

In this episode of Bourbon and Data Breaches, we discuss the week's top 5 cybersecurity news:  

1. Belarusian railways compromised.  

2. Linn County officials try to get systems up and running.  

3. OpenSubtitles confirms data breach affecting 7 million people.   

4. Bloomington school district reveals a 334 percent spike in cybersecurity insurance rates.   

5. School district didn't inform parents about the attack, so threat actors reached out to the victims directly.

Welcome to the first BnB episode of 2022. In this episode, we cover the Top Five Cybersecurity News of the Week of January 10th:   

1. AvosLocker remotely access boxes in safe mode.   

2. Ransomware group Ragnar_Locker claims successful hack of Sectrio.  

Bourbon Break: In this episode, we try the Two Stars Bourbon.   

3. A ransomware attack on an Alberquerque jail took away access to camera feeds and disabled automatic door mechanisms.    

4. Hackers target dozens of Ukrainian government websites and leave message "be afraid and expect the worst."   

5. Members of REvil ransomware gang arrested in Russia.

This is the final Bourbon and Data Breaches Videocast of the Year. In this episode, we cover the Top Five Cybersecurity News of the Week of November 29th:   

1. IKEA battles an ongoing cyberattack where multiple employees were targeted to become victims of phishing attacks.   

2. Panasonic faces another data breach where hackers took advantage of a third-party vendor. The tech giant is working to fix the impact.   Bourbon Break: In this episode, we try the Heaven's Door Double Barrel Whiskey by Bob Dylan.   

3. DNA Diagnostics Center, a DNA testing firm in Ohio, was recently breached. Hackers gain access to the information of over 2 million customers.   

4. Notorious fraudster Krasr recruits 7 Amazon employees as moles and steals $160,000 from the business.   

5. Planned Parenthood (Los Angeles) data breach results in 400,000 people whose data was stolen.

In this episode, the HackNotice Team discusses the latest cybersecurity news. 



1. "A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration. These ransom demands come with a countdown timer to induce a sense of urgency and possibly panic a web admin into paying the ransom."

2. "Trading platform Robinhood said Monday that personal information for more than 7 million customers was accessed during a data breach on November 3rd. The company said in a news release that it does not appear that Social Security numbers, bank account numbers, or debit card numbers were exposed, and no customers have had “financial loss” due to the incident."

3. "The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack."

4. "A secretive Israeli company helped hack a British news site and used it to take over the devices of some people who visited the site, cyber researchers say. The cybersecurity firm ESET said in a report Tuesday that the company, Candiru, helped an unknown foreign government hack the London news site Middle East Eye with a so-called watering hole attack, which places malicious software on a website to infect and hack the computers of people who visit it."

5. "Roughly three months after Eskenazi Health released a statement announcing a cyber security breach that compromised personal data, some patients are just now receiving that news in the mail. According to this release posted last month, Eskenazi Health was notified of a cyber attack “on or about August 4, 2021” that resulted in the personal information of some employees and patients being leaked to cybercriminals. However, the same release claims the breach actually happened three months prior “on or about May 19, 2021.”