DataBreachToday.com

Britain's Tax Collector HMRC Lost $63 Million to Fraudsters Wielding Taxpayer Data
Police on Thursday arrested 13 individuals in Romania and one in England on suspicion of engaging in a massive tax fraud scheme against Britain. The arrests appear to be tied to a gang that used phishing attacks against British taxpayers to steal $63 million via fraudulent tax claims.

As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to throughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP.

AI Models Mostly Fail in Full Track of Vulnerability Research to Exploit
The rise of code-illiterate but AI-enabled script kiddies able to wreak havoc by weaponizing software vulnerabilities into automated exploits, thanks to expert-level assistance from large language models, remains but a future possibility, based on exploit-writing tests of 50 LLMs.

Also, US Sanctions North Korean IT Worker Scammers and More Paraguay Hacks
This week, McDonald's password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers.

Abnormal AI CEO Evan Reiser on Behavioral Anomalies, Personalized Phishing Training
Abnormal AI is rolling out behavior-driven AI tools that automate phishing awareness and data reporting. Co-founder and CEO Evan Reiser says the platform reflects a shift away from generic campaigns and manual dashboards toward contextual, real-time defense.

Also: Winkle Abduction Sentencing and Crypto Theft Rising
This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee.

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, Harrods
The U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

Impersonation Hoax Leverages Top Officials' Known Use of Commercial Messaging App
Security analysts tell Information Security Media Group more impersonation scams fueled by artificial intelligence - like the recent one involving Secretary of State Marco Rubio - may increasingly target top U.S. officials if the government continues failing to enforce strict security protocols.

AI Is Fueling Innovation and Blind Spots. Deep Observability Helps Close the Gap.
AI is transforming business, but it's also creating new security challenges. With network traffic surging and shadow AI on the rise, visibility is more critical than ever. Learn how deep observability helps close the gaps and defend against AI-fueled threats.

Cybercrime gang Scattered Spider is the top suspect in several recent cyberattacks in the U.S. insurance sector, and it's likely that threat actors could still be lurking in other insurers' IT environments, said Peter McMurtrie of consulting firm West Monroe.

Always Secure MCP Servers Connecting LLMs to External Systems, Experts Warn
Warning: Popular technology designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use. Researchers discovered two separate vulnerabilities tied to tools in the ecosystem around model context protocol, or MCP.

Research Shows How Large Language Models Fake Conceptual Mastery
MIT, Harvard and University of Chicago researchers say models suffer from "potemkin understanding," referring to an illusion where models ace conceptual tests but fail real-world application. Their paper warns this undermines benchmarks and points to gaps in genuine AI comprehension.

Island CEO Mike Fey on Drivers for SASE, Identity Features in Enterprise Browser
Island co-founder and CEO Mike Fey outlines how the enterprise browser is evolving through AI, SASE and hyperscaler investments to enhance governance, reduce backhaul traffic and support secure access across diverse industries such as healthcare and finance.

Phishing Emails Disguise Malware as Contract Files
A Russian cybersecurity company is warning that hackers are targeting Russia's industrial sector using a previously undocumented spyware, reeling them in with contract-themed emails lures. Kaspersky dubbed the spyware "Batavia." but doesn't attribute the campaign to a threat actor.

Officials Look for Positive PR Stories as Putin's War Drags On
Russian authorities regularly trumpet the arrest and sentencing of citizens who offer hacking support to Ukrainian forces. Experts say the extent to which official crime reports can be trusted remains unclear, especially as officials need to look tough on the "Ukrainian threat."

Settlement Follows Federal Investigation Into Data Leak and Ransomware Attack
A Texas mental healthcare provider's failure to conduct a comprehensive risk analysis resulted in a $225,000 federal fine after regulators investigated a data leak followed by a ransomware attack in 2023. Deer Oaks Behavioral Health also must implement a corrective action plan.