From Digital Age to Nano Age. WorldWide.

Tag: data breach

Robotic Automations

Ireland privacy watchdog confirms Dell data breach investigation | TechCrunch


A top European privacy watchdog is investigating following the recent breaches of Dell customers’ personal information, TechCrunch has learned.  Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has received “a breach notification on this matter” — referring to Dell — which is “currently under assessment.” Asked to elaborate, […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

Threat actor says he scraped 49M Dell customer addresses before the company found out | TechCrunch


The person who claims to have 49 million Dell customer records told TechCrunch that he brute-forced an online company portal and scraped customer data, including physical addresses, directly from Dell’s servers.  TechCrunch verified that some of the scraped data matches the personal information of Dell customers. On Thursday, Dell sent an email to customers saying […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

US Patent and Trademark Office confirms another leak of filers' address data | TechCrunch


The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address — which can include […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

Brandywine Realty Trust says data stolen in ransomware attack | TechCrunch


U.S. realty trust giant Brandywine Realty Trust has confirmed a cyberattack that resulted in the theft of data from its network.

In a filing with regulators on Tuesday, the Philadelphia-based Brandywine described the cybersecurity incident as unauthorized access and the “deployment of encryption” on its internal corporate IT systems, consistent with a ransomware attack.

Brandywine said the cyberattack caused disruption to the company’s business applications that support its operations and corporate functions, including its financial reporting systems.

The company said it shut down some of its systems and believes it has contained the activity. The company confirmed that hackers took files from its systems, but it was still investigating whether any sensitive or personal information was taken.

Brandywine is one of the largest real estate trusts (REIT) in the United States, with a portfolio of about 70 properties across Austin, Philadelphia, and Washington DC as of its last earnings report in April.

Some of the company’s biggest tenants reportedly include IBM, Spark Therapeutics, and Comcast.

Since the introduction of new rules in December, U.S. publicly traded companies are obliged to disclose to investors cybersecurity events that may have a material impact on the business. As of the filing, Brandywine said it does not believe the incident is “reasonably likely to materially impact” its operations.


Software Development in Sri Lanka

Robotic Automations

Haun Ventures is riding the bitcoin high | TechCrunch


Blockchain startups were red-hot when Katie Haun left Andreessen Horowitz in 2021 to launch her own crypto-focused venture firm. But shortly after Haun announced that Huan Ventures’ two funds totalled $1.5 billion, cryptocurrency prices cratered, and FTX collapsed. 

Despite having a massive arsenal of dry powder, Haun Ventures didn’t rush to scoop up stakes in crypto and web3 on the cheap, and many observers wondered when the firm would pick up its deployment pace.

While Haun Ventures says it wasn’t exactly sitting on its hands (and capital) through crypto’s downturn, the firm was perhaps more cautious than it initially intended. 

But now that bitcoin prices have rebounded to their previous highs, Haun Ventures’ investment activity is increasing dramatically. Including some of its token positions, the firm has made 48 investments across its early-stage $500 million and $1 billion later-stage acceleration funds, Haun Ventures told TechCrunch. 

The firm’s latest investment is Agora, an app that streamlines voting and other decision-making for decentralized autonomous organizations. The firm led a $5 million seed round into Agora on Tuesday, with participation from Seed Club, Coinbase Ventures, Balaji Srinivasan and others.

Sam Rosenblum, a partner and investment team lead at Haun Ventures, said that a significant impediment to DAO participation had been the lack of a simple user interface that allows members to approve (or vote on) the implementation of software upgrades to the protocols they are governing.

The process was highly fragmented. Certain decisions were made in a separate Discord channel, then “you then [the community would] go somewhere else to take a vote on allocating dollars in the treasury towards a certain project,” Rosenblum said. 

Agora solves this issue for DAO members by providing an easy-to-use community and protocol governance solution. “Historically, if you wanted to participate in resource allocation of a protocol treasury, you had to do a bunch of on-chain actions yourself, which probably means you have hardware and software setup that most people don’t have,” Rosenblum said. 

Agora is supposed to make DAO participation straightforward for non-technical users. Rosenblum compared it to Coinbase, which simplified coin trading for most people.

The company was founded in 2022 by Charlie Feng, who co-founded fintech Clearco; Coinbase product designer Yitong Zhang; and software engineer Kent Fenwick. 

Agora, which is essentially a SaaS offering, is already used by protocols such as Optimism, ENS and Uniswap.

Rosenblum explained that these protocols are happy to pay for Agora because it helps lower the barrier to participation in their community. 

While activity is certainly accelerating in the crypto world, Rosenblum didn’t say exactly when Haun Ventures will be done deploying its current fund. But he did say that investing will continue into next year.


Software Development in Sri Lanka

Robotic Automations

United HealthCare CEO says 'maybe a third' of U.S. citizens were affected by recent hack | TechCrunch


Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it’s still unclear how many Americans were impacted by the cyberattack.

Last month, Andrew Witty, the CEO of Change Healthcare’s parent company UnitedHealth Group, said that the stolen files include the personal health information of “a substantial proportion of people in America.”

On Wednesday, during a House hearing, when Witty was pushed to give a more definitive answer, testifying that the breach impacted “I think, maybe a third [of Americans] or somewhere of that level.”

Witty said he was reluctant to give a more precise answer because the company is still investigating the breach and trying to figure out exactly how many people were affected.

UnitedHealth’s spokesperson Anthony Marusic did not immediately respond to a request for comment on Witty’s estimate.

During a hearing in the Senate earlier on Wednesday, Witty said that it will likely take “several months,” before the company can begin notifying victims of the data breach.

In a written statement filed by Witty ahead of the two hearings, the CEO wrote that “so far, we have not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.”

According to Witty’s testimony, the hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal,” which was not protected by multi-factor authentication, a basic cybersecurity measure that adds an extra step to log into accounts and systems.

Had that portal had multi-factor authentication enabled, the breach may not have happened. Several Senators grilled Witty on that failure, asking him whether UnitedHealth and Change Healthcare systems are now protected with multi-factor authentication.

During the Senate hearing, Witty said: “We have an enforced policy across the organization to have multi factor authentication on all of our external systems, which is in place.”

The House hearing is underway as of this writing, and we will update this story as more information becomes available.


Software Development in Sri Lanka

Robotic Automations

TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks | TechCrunch


Welcome, folks, to Week in Review (WiR), TechCrunch’s regular newsletter covering this week’s noteworthy happenings in tech.

TikTok’s fate in the U.S. looks uncertain after President Joe Biden signed a bill that included a deadline for ByteDance, TikTok’s parent company, to divest itself of TikTok within nine months or face a ban on distributing it in the U.S. Ivan writes about how the impact of TikTok bans in other countries could signal what’s to come stateside.

Meanwhile, fallout from the Change Healthcare hack continues. Change, a subsidiary of health insurance giant UnitedHealth, confirmed this week that the ransomware attack targeting it earlier this year resulted in a huge theft of Americans’ private health info, possibly covering “a substantial proportion” of Americans.

And Tesla profits dropped 55% as the EV company contends with increased pressure from hybrid carmakers. The automaker’s growth plan is centered around mysterious cheaper EVs scheduled to launch next year — as well as perhaps a robotaxi. But a recall on the Cybertruck for faulty accelerator pedals certainly won’t help in the interim.

Lots else happened. We recap it all in this edition of WiR — but first, a reminder to sign up to receive the WiR newsletter in your inbox every Saturday.

News

Amazon grocery plan: Amazon launched a new unlimited grocery delivery subscription in the U.S. The plan, which costs $9.99 per month for Amazon Prime users, comes with free deliveries for grocery orders over $35 across Amazon Fresh, Whole Foods Market and other local grocery retailers.

California drones grounded: In more Amazon news, the tech giant confirmed that it’s ending Prime Air drone delivery operations in Lockeford, California. The Central California town of 3,500 was the company’s second U.S. drone delivery site after College Station, Texas; Amazon didn’t offer any details around the setback.

Fisker plans layoffs: Fisker says it’s planning more layoffs less than two months after cutting 15% of its workforce, as the EV startup scrambles to raise cash to stay alive. Fisker expects to seek bankruptcy protection within the next 30 days if it can’t come up with the money.

Stripe expansion: Among a slew of other announcements at its Sessions conference in San Francisco, Stripe said that it’ll be de-coupling payments from the rest of its financial services stack. Given that Stripe previously required businesses to be payments customers in order to use any of its other products, that’s a big change.

Analysis

Rabbit hands onBrian writes about the R1, the first gizmo from AI startup R1. The $199 price point, touchscreen and funky aesthetic from storied design firm Teenage Engineering make the R1 far more accessible than Humane’s Ai Pin, he concludes.

Lab-grown diamonds: Pascal, an Andreessen Horowitz-backed startup, claims it can make high-end jewelry accessible by using lab-grown diamonds chemically and physically akin to natural diamonds but that cost one-twentieth of the price.

AI poetry: An experiment called the Poetry Camera — an actual, physical camera — combines open source technology with playful design and artistic vision. Instead of merely capturing images, the Poetry Camera arranges thought-provoking, AI-generated stanzas based on the visuals it encounters.

Rippling deep dive: Connie interviewed Parker Conrad, the CEO of workforce management startup Rippling, on the company’s new $200 million funding round, new San Francisco lease (the second biggest to be signed in the city this year) and more.


Software Development in Sri Lanka

Robotic Automations

Health insurance giant Kaiser notifies millions of a data breach | TechCrunch


U.S. health conglomerate Kaiser is notifying millions of its members of a data breach earlier this month.

In a legally required notice filed with the U.S. government on April 12 but made public on Thursday, the Kaiser Foundation Health Plan confirmed that 13.4 million residents had information taken in a data breach.

The notice did not share the specific nature of the data breach, describing the incident only as “unauthorized access/disclosure” involving a network server.

U.S. organizations covered under the health privacy law known as HIPAA are required to notify the U.S. Department of Health and Human Services of data breaches involving protected health information, such as medical data and patient records. Kaiser also notified California’s attorney general of the data breach, but did not provide any further details.

Kaiser spokesperson Catherine Hernandez did not respond to a request for comment Thursday.

The Kaiser Foundation Health Plan is the parent organization of several entities that make up Kaiser Permanente, one of the largest healthcare organizations in the United States. The Kaiser Foundation Health Plan provides health insurance plans to employers and reported 12.5 million members as of the end of 2023.

The breach at Kaiser is listed on the Department of Health and Human Services’ website as the largest confirmed health-related data breach of 2024 so far.

It’s unclear if the breach at Kaiser is related to the ongoing recovery at U.S. health tech giant Change Healthcare, which was hit by ransomware in February. Earlier this week, Change Healthcare’s parent company UnitedHealth Group said that the criminal hackers stole sensitive health information on a “substantial proportion of people in America,” but fell short of providing a clear figure.


Do you know more about the data breach at Kaiser? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.


Software Development in Sri Lanka

Robotic Automations

US government urges Sisense customers to reset credentials after hack | TechCrunch


U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.

In a brief statement on Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.

CISA urged Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services,” and report to the agency any suspicious activity involving the use of compromised credentials.

The exact nature of the cybersecurity incident is not clear yet.

Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.

CISA said it is “taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”

Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon as its customers, as well as thousands of other organizations globally.

News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note sent by Sisense Chief Information Security Officer Sangram Dash urging customers to “rotate any credentials that you use within your Sisense application.”

Neither Dash nor a spokesperson for Sisense responded to an email seeking comment.

Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear if the layoffs impacted the company’s security posture. Sisense has taken in close to $300 million in funding from investors, which include Insight Partners, Bessemer Ventures Partners and Battery Ventures.


Do you know more about the Sisense breach? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.


Software Development in Sri Lanka

Robotic Automations

AT&T notifies regulators after customer data breach | TechCrunch


AT&T has begun notifying U.S. state authorities and regulators of a security incident after confirming that millions of customer records posted online last month were authentic.

In a legally required filing with Maine’s attorney general’s office, the U.S. telco giant said it sent out letters notifying more than 51 million people that their personal information was compromised in the data breach, including around 90,000 individuals in Maine. AT&T also notified California’s attorney general of the breach.

AT&T — the largest telco in the United States — said that the breached data included customers’ full name, email address, mailing address, date of birth, phone number and Social Security number.

Leaked customer information dated back to mid-2019 and earlier. According to AT&T the records contained valid data on more than 7.9 million current AT&T customers.

AT&T took action some three years after a subset of the leaked data first appeared online, which prevented any meaningful analysis of the data. The full cache of 73 million leaked customer records was dumped online last month, allowing customers to verify that their data was genuine. Some of the records included duplicates.

The leaked data also included encrypted account passcodes, which allow access to customer accounts.

Soon after the full dataset was published, a security researcher notified TechCrunch that the encrypted passcodes found in the leaked data were easy to decipher. AT&T reset those account passcodes after TechCrunch alerted AT&T on March 26 to the risk posed to customers. TechCrunch held its story until AT&T could complete the process of resetting affected customer passcodes.

AT&T eventually acknowledged that the leaked data belongs to its customers, including about 65 million former customers.

Companies experiencing data breaches that affect large numbers of people are required to disclose the incident with U.S. attorneys general under state data breach notification laws. In its notices filed in Maine and California, AT&T said it is offering identity theft and credit monitoring to affected customers.

AT&T has still not identified the source of the leak.


Software Development in Sri Lanka

Back
WhatsApp
Messenger
Viber