DataBreachToday.com

Experts From Stibo Systems, Sitation on Tapping Into MDM and Predictive Analytics
Manufacturers want to digitally transform to tap into the latest artificial intelligence tools, but they're saddled with decades-old equipment that was not designed to easily share data with other systems. But there's hope, said James Van Pelt, manufacturing practice lead at Stibo Systems.

Zero Trust Creator John Kindervag on Barriers to Security Success Beyond Tech
Growing executive engagement with zero trust signifies a change from technical discussions to strategic business focus. Boards now view cybersecurity as fundamental to operations and seek solutions beyond products, said John Kindervag, creator of zero trust and chief evangelist, Illumio.

HIPAA Protected Health Information Among Data Stolen in Nov. 2023 Attack
The City of Long Beach, Calif. is notifying nearly 260,000 individuals that their protected health information was potentially stolen in a November 2023 hack that also disrupted IT systems for several weeks. The city has added $1 million to its cybersecurity budget since the incident.

Salt Typhoon Exposed Major Flaws in Telecom Networks. Few Changes Have Been Made
After China's Salt Typhoon breach of U.S. telecom networks, federal experts told Congress on Wednesday the nation remains dangerously exposed to another attack - despite warnings, investigations and interagency coordination, all of which have yet to produce systemic cyber defense improvements.

Panel Discusses Views on Cryptocurrency, OT Security and Data Sovereignty
ISMG editors share highlights from Day 2 of the RSAC Conference 2025 in San Francisco, including insights from the cryptographers' panel, operational technology security awareness at the board level, and the growing focus on securing both public and private AI models.

Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

'Providers Must Urgently Reprioritize Security," Writes Patrick Opet
Banking giant JPMorgan Chase called on software as a service providers to improve cybersecurity practices in an open letter accusing them of "quietly enabling cyberattackers." An attack "on one major SaaS or PaaS provider can immediately ripple through its customers," wrote CISO Patrick Opet.

Capitol Meridian Partners' Razi on Smarter AI Use, Strong Leadership and Diversity
Many AI models prioritize speed over security, exposing organizations to significant risks. Niloofar Razi, operating partner at Capitol Meridian Partners, stressed the need for companies to evaluate models carefully before adoption.

Energy Department Disputes Nuclear Access Breach Claims in Latest DOGE Controversy
Department of Government Efficiency staffers gained access to accounts on classified networks storing some of the nation's top nuclear secrets according a report published concurrently with a lawsuit arguing the task force is unconstitutional and lacks congressional approval.

Hot Topics Also Include Quantum Computing, Blockchains, Artificial Intelligence
Cryptocurrencies have dramatically failed to live up to their promise, to the extent that the "world would be better" without them, said cryptographer Adi Shamir at this year's RSAC Conference, during an expert panel that touched on artificial intelligence, quantum computing, blockchains and more.

New Zealand Model Brings Cyber and Fraud Teams Together to Defend Against Scammers
To help financial institutions counter crime, the FS-ISAC earlier this month introduced a major initiative: the Cyberfraud Prevention Framework. This new initiative is designed to unify cybersecurity and fraud prevention teams to more effectively protect customers and secure the enterprise.

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload Webshells
Threat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

Co. Is Already Facing Several Lawsuits Based on Its Much Lower Victim Estimates
Employee benefits administrator Verisource Services Inc. has told regulators that a hack discovered in February 2024 has affected 4 million individuals, up significantly from initial estimates reported last summer. The company already faces several lawsuits involving its earlier lowball estimates.

4-Day Cybersecurity Event Covers Emerging Tech, Latest Cyberthreats
ISMG Editors convened in San Francisco for coverage of RSAC Conference. Panelists shared an overview of opening-day speakers and hot topics, including the growth of AI, uncertainties in the global threat landscape, the Innovation Sandbox contest and Cryptographers' Panel session.

Enforcement Action Is Latest Under Agency's Ransomware, Risk Analysis Initiatives
Federal regulators fined a New York neurology practice $25,000 following an investigation into a 2020 ransomware breach affecting nearly 7,000 individuals. Comprehensive Neurology failed to conduct an accurate and thorough risk analysis, regulators said.

Analyzing Measuring What Matters, Not What Models Practice
In the frenzy to top leaderboards, AI teams optimize for benchmarks rather than genuine progress, and as a result, scores on static tests tell us more about a model's memorization tactics than its ability to navigate real world environments.

Tyler Buchanan, a 23-year-old Scottish Man Extradited to the US on Wednesday
Spanish authorities extradited on Wednesday the suspected head of the Scattered Spider cybercrime group to the United States, where he is being held without bail in a downtown Los Angeles federal prison. Tyler Buchanan, 23, faces charges for wire fraud, aggravated identity theft and conspiracy.

Hackers Hit Maryland Medical Group and California Hospital, Claim 480 GB Data Theft
Two separate ransomware hacks of a Maryland medical group and a California hospital resulted in data thefts affecting more than 1.1 million patients, according to recent reports to regulators. Cybercriminals claim to have leaked 480 gigabytes of data from one of the attacks.