❌

Normal view

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Businesses are advised against paying – but many are prepared to deal to protect users’ privacy

After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure – which operates the education platform Canvas, used by education providers worldwide – announced it had β€œreached an agreement with the unauthorised actor” behind the ransomware attack.

Experts read the careful language as a sign that a ransom has been paid. The company has not confirmed this.

Continue reading...

Β© Photograph: Boonchai Wedmakawand/Getty Images

Β© Photograph: Boonchai Wedmakawand/Getty Images

Β© Photograph: Boonchai Wedmakawand/Getty Images

Booking.com warns customers of hack that exposed their data

Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt

The accommodation reservation website Booking.com has suffered a data breach with β€œunauthorised parties” gaining access to customers’ details.

The platform said it β€œnoticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”.

Continue reading...

Β© Photograph: CrocusPhotography/Alamy

Β© Photograph: CrocusPhotography/Alamy

Β© Photograph: CrocusPhotography/Alamy

Google warns quantum computers could hack encrypted systems by 2029

Banks, governments and tech providers urged to upgrade security because current systems will soon be obsolete

Banks, governments and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029, Google has warned.

The tech company said in a blogpost that quantum computers would pose a β€œsignificant threat to current cryptographic standards” before the end of the decade and urged other companies to follow its lead.

Continue reading...

Β© Photograph: Reuters

Β© Photograph: Reuters

Β© Photograph: Reuters

β€˜All brakes are off’: Russia’s attempt to rein in illicit market for leaked data backfires

Russian state has tolerated parallel probiv market for its convenience but now Ukrainian spies are exploiting it

Russia is scrambling to rein in the country’s sprawling illicit market for leaked personal data, a shadowy ecosystem long exploited by investigative journalists, police and criminal groups.

For more than a decade, Russia’s so-called probiv market – a term derived from the verb β€œto pierce” or β€œto punch into a search bar” – has operated as a parallel information economy built on a network of corrupt officials, traffic police, bank employees and low-level security staff willing to sell access to restricted government or corporate databases.

Continue reading...

Β© Photograph: Alexander Zemlianichenko/AP

Β© Photograph: Alexander Zemlianichenko/AP

Β© Photograph: Alexander Zemlianichenko/AP

London councils enact emergency plans after three hit by cyber-attack

Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hack

Three London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.

The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage.

Continue reading...

Β© Photograph: Artur Marciniec/Alamy

Β© Photograph: Artur Marciniec/Alamy

Β© Photograph: Artur Marciniec/Alamy

Knee-jerk corporate responses to data leaks protect brands like Qantas β€” but consumers are getting screwed

When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers win

It’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get a court to block anyone from accessing it.

Qantas ran it after suffering a major cybersecurity attack that accessed the frequent flyer details of 5 million customers.

Continue reading...

Β© Photograph: Bianca de Marchi/AAP

Β© Photograph: Bianca de Marchi/AAP

Β© Photograph: Bianca de Marchi/AAP

Capita fined Β£14m for data protection failings in 2023 cyber-attack

Hackers stole personal information of 6.6m people but outsourcing firm did not shut device targeted for 58 hours

The outsourcing company Capita has been fined Β£14m for data protection failings after hackers stole the personal information of 6.6 million people, including staff details and those of its clients’ customers.

John Edwards, the UK information commissioner who levied the fine, said the March 2023 data theft from the group and companies it supported, including 325 pension providers, caused anxiety and stress for those affected.

Continue reading...

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

© Photograph: Dado Ruvić/Reuters

Six out of 10 UK secondary schools hit by cyber-attack or breach in past year

Hackers are more likely to target educational institutions than private businesses, government survey shows

When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low.

But the broader education sector is well used to being a target.

Continue reading...

Β© Photograph: MBI/Alamy

Β© Photograph: MBI/Alamy

Β© Photograph: MBI/Alamy

Hackers reportedly steal pictures of 8,000 children from Kido nursery chain

Firm, which has 18 sites around London and more in US, India and China, has received ransom demand, say reports

The names, pictures and addresses of about 8,000 children have reportedly been stolen from the Kido nursery chain by a gang of cybercriminals.

The criminals have demanded a ransom from the company – which has 18 sites around London, with more in the US, India and China – according to the BBC.

Continue reading...

Β© Photograph: solarseven/Getty Images/iStockphoto

Β© Photograph: solarseven/Getty Images/iStockphoto

Β© Photograph: solarseven/Getty Images/iStockphoto

Legal aid cyber-attack has pushed sector towards collapse, say lawyers

Barristers report going unpaid and cases being turned away amid fears firms will desert legal aid work altogether

Lawyers have warned that a cyber-attack on the Legal Aid Agency has pushed the sector into chaos, with barristers going unpaid, cases being turned away and fears a growing number of firms could desert legal aid work altogether.

In May, the legal aid agency announced that the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 had been accessed and downloaded in a significant cyber-attack.

Continue reading...

Β© Photograph: Hesther Ng/SOPA Images/REX/Shutterstock

Β© Photograph: Hesther Ng/SOPA Images/REX/Shutterstock

Β© Photograph: Hesther Ng/SOPA Images/REX/Shutterstock

Louis Vuitton says UK customer data stolen in cyber-attack

Lead brand of French luxury group LVMH reassures customers financial data such as bank details were not taken

Louis Vuitton has said the data of some UK customers has been stolen, as it became the latest retailer targeted by cyber hackers.

The retailer, the leading brand of the French luxury group LVMH, said an unauthorised third party had accessed its UK operation’s systems and obtained information such as names, contact details and purchase history.

Continue reading...

Β© Photograph: SOPA Images/LightRocket/Getty Images

Β© Photograph: SOPA Images/LightRocket/Getty Images

Β© Photograph: SOPA Images/LightRocket/Getty Images

Russian-led cybercrime network dismantled in global operation

Arrest warrants issued for ringleaders after investigation by police in Europe and North America

European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.

International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators while indictments were unsealed in the US against 16 individuals.

Continue reading...

Β© Photograph: Andrew Brookes/Getty Images/Image Source

Β© Photograph: Andrew Brookes/Getty Images/Image Source

Β© Photograph: Andrew Brookes/Getty Images/Image Source

What to do if you can’t get into your Facebook or Instagram account

How to prove your identity after your account gets hacked and how to improve security for the future

Your Facebook or Instagram account can be your link to friends, a profile for your work or a key to other services, so losing access can be very worrying. Here’s what to do if the worst happens.

If you have access to the phone number or email account associated with your Facebook or Instagram account, try to reset your password by clicking on the β€œForgot password?” link on the main Facebook or Instagram login screen. Follow the instructions in the email or text message you receive.

If you no longer have access to the email account linked to your Facebook account, use a device with which you have previously logged into Facebook and go to facebook.com/login/identify. Enter any email address or phone number you might have associated with your account, or find your username which is the string of characters after Facebook.com/ on your page. Click on β€œNo longer have access to these?”, β€œForgotten account?” or β€œRecover” and follow the instructions to prove your identity and reset your password.

If your account was hacked, visit facebook.com/hacked or instagram.com/hacked/ on a device you have previously used to log in and follow the instructions. Visit the help with a hacked account page for Facebook or Instagram.

Change the password to something strong, long and unique, such as a combination of random words or a memorable lyric or quote. Avoid simple or guessable combinations. Use a password manager to help you remember it and other important details.

Turn on two-step verification in the β€œpassword and security” section of the Accounts Centre. Use an authentication app or security key for this, not SMS codes. Save your recovery codes somewhere safe in case you lose access to your two-step authentication method.

Turn on β€œunrecognised login” alerts in the β€œpassword and security” section of the Accounts Centre, which will alert you to any suspicious login activity.

Remove any suspicious β€œfriends” from your account – these could be fake accounts or scammers.

If you are eligible, turn on β€œadvanced protection for Facebook” in the β€œpassword and security” section of the Accounts Centre.

Continue reading...

Β© Photograph: bigtunaonline/Alamy

Β© Photograph: bigtunaonline/Alamy

Β© Photograph: bigtunaonline/Alamy

β€˜Source of data’: are electric cars vulnerable to cyber spies and hackers?

British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVs

Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars?

On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices.

Continue reading...

Β© Photograph: Ying Tang/NurPhoto/REX/Shutterstock

Β© Photograph: Ying Tang/NurPhoto/REX/Shutterstock

Β© Photograph: Ying Tang/NurPhoto/REX/Shutterstock

❌