DataBreachToday.com

OpenAI and Microsoft Reportedly Investigate DeepSeek API Access
The low-cost miracle of the DeepSeek-R1 model may not in fact be one as accusations surfaced that the Chinese company may have derived its reasoning model from U.S. firm OpenAI. OpenAI and Microsoft are investigating whether DeepSeek stole information from OpenAI through an API.

7 Proposed Class Actions Filed Against Allegheny Health Network and IntraSystems
A Pittsburgh-based healthcare system and its Massachusetts-based IT services firm are facing at least seven proposed federal class action lawsuits involving a data theft - reported on Jan. 17 - affecting about 293,000 people. The hack is the latest major breach involving a business associate.

Deal Brings Third-Party Data Ingestion, Risk Prioritization, Automated Workflows
Tenable has acquired Vulcan Cyber to bolster its exposure management strategy, integrating third-party asset data, AI-powered risk prioritization, and automated remediation workflows into Tenable One. The $150 million purchase aims to provide enterprises with a unified risk management platform.

Data Storage in China Sparks Privacy Concerns
Italian data regulator Garante launched an inquiry into data storage and processing practices of Chinese generative AI model DeepSeek following the Friday public debut of its R1 reasoning model. The DeepSeek app is no longer available in the Apple and Google app stores in Italy.

British Museum IT Disruption Highlights Missteps in Identity and Access Management
The British Museum faced unexpected disruption when a former contractor trespassed into the museum and disabled its IT systems. This disruption highlights the risks posed by disgruntled employees and raises concerns about access rights after employment ends.

DeepSeek-R1 Model Rivals OpenAI at Fraction of Cost, Challenges US AI Leadership
The Chinese DeepSeek-R1 model rivals top U.S. AI models in performance while dramatically lowering training costs. Built on lower-end Nvidia GPUs, R1's efficiency reshapes the AI landscape, bolstering AMD's prospects and reshaping AI infrastructure discussions in Silicon Valley and beyond.

Experts Explain Complexity of Company's Massive Data Breach Analysis Endeavor
UnitedHealth Group says its previously eye-popping estimate of 100 million people affected by last year's attack on its Change Healthcare unit nearly doubled in recent months to a staggering 190 million victims. Why did it take so long for the company to figure out the extent of the compromise?

Europe Targets Officers of Unit 29155 of the Russian Main Intelligence Directorate
The European Union sanctioned on Monday three officers of a Russian military intelligence unit for their role in cyberattacks targeting Estonia in 2020. The sanctions are tied to the unit's 2020 hack of the Estonian government departments and the exfiltration of sensitive documents.

China's DeepSeek AI Model Sparks US Policy Debate Amid Growing Industry Concerns
The global artificial intelligence race saw a historic "Sputnik moment" this week when the Chinese startup DeepSeek claimed to develop a competitive model with $6 million and a stockpile of old Nvidia semiconductors - defying export restrictions and raising alarms about China's ability to innovate.

Series C Funding Targets Supply Chain Risks in AI, Next-Gen Infrastructure Security
Eclypsium raised $45 million in Series C funding to address emerging cyber threats in AI workloads, GPU systems and the global supply chain. With support from Qualcomm and 1011 Ventures, the company will to tackle advanced cyberthreats from nation-state adversaries like Volt Typhoon.

AI Startup's R1 Model Draws Praise and Skepticism
An open reasoning model from Chinese artificial intelligence startup DeepSeek has the tech industry assessing its potential impact as shares of U.S. technology mainstays plummeted in trading on Monday. Hangzhou-based DeepSeek released its R1 model on Jan. 20.

Preauthentication Deserialization Flaw Could Result in Remote Code Execution
Software vendors and national security agencies are urging immediate patching of a critical SonicWall flaw days after the security device manufacturer disclosed that hackers are actively exploiting a zero-day. The flaw doesn't require user authentication.

RansomHub Theft Hit Patients of 2 Dozen HCF Facilities and Home Healthcare Unit
A chain of more than two dozen skilled nursing and rehabilitation facilities is notifying tens of thousands of patients whose information was compromised in a hacking incident last fall. Russian-speaking cybercriminal gang RansomHub claims to have published 250GB of data stolen in the heist.

Undersea Cable Damage in Baltic Sparks Concerns of Russian 'Shadow Fleet' Activity
Swedish authorities seized a vessel in the Baltic Sea as part of a criminal investigation into sabotage of an undersea cable between Sweden and Latvia after a series of regional cable disruptions, including one involving suspected Russian shadow fleet activity, raising security concerns.

Why MFA and Data Minimization Remain Key for Preventing Massive Data Breaches
While PowerSchool's investigation into the massive theft of its customers' data is continuing, clear lessons have already emerged. Count among them the importance of using multifactor authentication, which could have safeguarded access to PowerSchool's exploited customer support systems.

With the pace of global change so often creating a sense of accelerating chaos, it's easy to view cyber defenders as firefighters constantly on call. But Black Hat conference founder and creator Jeff Moss warned that "things have been on fire for as long as I can remember."