<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Data Breaches &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/data-breaches/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Thu, 25 Sep 2025 16:34:30 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Abusing Notion’s AI Agent for Data Theft</title>
		<link>https://noise.getoto.net/2025/09/29/abusing-notions-ai-agent-for-data-theft/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 29 Sep 2025 11:07:38 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[trust]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70883</guid>

					<description><![CDATA[<p>Notion <a href="https://www.notion.com/blog/introducing-notion-3-0">just released</a> version 3.0, complete with AI agents. Because the system contains Simon Willson’s <a href="https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/">lethal trifecta</a>, it’s vulnerable to data theft though prompt injection.</p>
<p>First, the trifecta:</p>
<blockquote><p>The lethal trifecta of capabilities is:</p>
<ul>
<li><b>Access to your private data</b>—one of the most common purposes of tools in the first place!
</li><li><b>Exposure to untrusted content</b>—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
</li><li><b>The ability to externally communicate</b> in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)...</li></ul></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>How the Solid Protocol Restores Digital Agency</title>
		<link>https://noise.getoto.net/2025/07/24/how-solid-protocol-restores-digital-agency/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 24 Jul 2025 11:04:48 +0000</pubDate>
				<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[data privacy]]></category>
		<category><![CDATA[identification]]></category>
		<category><![CDATA[integrity]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70503</guid>

					<description><![CDATA[<p>The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. These entities collect, store, and trade your data, often without your knowledge or consent. It’s both redundant and inconsistent. You have hundreds, maybe thousands, of fragmented digital profiles that often contain contradictory or logically impossible information. Each serves its own purpose, yet there is no central override and control to serve you—as the identity owner...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FBI Seizes BreachForums Website</title>
		<link>https://noise.getoto.net/2024/05/17/fbi-seizes-breachforums-website/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 17 May 2024 11:09:17 +0000</pubDate>
				<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[leaks]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68931</guid>

					<description><![CDATA[<p>The FBI has <a href="https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/">seized</a> the BreachForums website, used by ransomware criminals to leak stolen corporate data.</p>
<blockquote><p>If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations.</p>
<p>[…]</p>
<p>The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.</p>
<p>The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3)...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Ransomware Gang Files SEC Complaint</title>
		<link>https://noise.getoto.net/2023/11/17/ransomware-gang-files-sec-complaint/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 17 Nov 2023 16:31:50 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68115</guid>

					<description><![CDATA[<p>A ransomware gang, annoyed at not being paid, <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/">filed an SEC complaint</a> against its victim for not disclosing its security breach within the required four days.</p>
<p>This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Former Uber CISO Appealing His Conviction</title>
		<link>https://noise.getoto.net/2023/10/19/former-uber-ciso-appealing-his-conviction/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 19 Oct 2023 11:08:36 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[ftc]]></category>
		<category><![CDATA[regulation]]></category>
		<category><![CDATA[uber]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67968</guid>

					<description><![CDATA[<p>Joe Sullivan, Uber’s CEO during their 2016 data breach, is <a href="https://www.darkreading.com/attacks-breaches/former-uber-ciso-appeals-conviction-over-2016-data-breach">appealing</a> his conviction.</p>
<blockquote><p>Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have informed the FTC of the 2016 incident, but instead went out of his way to conceal it from them.</p>
<p>Prosecutors also accused Sullivan of attempting to conceal the breach itself by paying $100,000 to buy the silence of the two hackers behind the compromise. Sullivan had characterized the payment as a bug bounty similar to ones that other companies routinely make to researchers who report vulnerabilities and other security issues to them. His lawyers pointed out that Sullivan had made the payment with the full knowledge and blessing of Travis Kalanick, Uber’s CEO at the time, and other members of the ride-sharing giant’s legal team...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Stalkerware Vendor Hacked</title>
		<link>https://noise.getoto.net/2023/06/28/stalkerware-vendor-hacked/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 28 Jun 2023 11:17:09 +0000</pubDate>
				<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[stalking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67490</guid>

					<description><![CDATA[<p>The stalkerware company LetMeSpy has been <a href="https://techcrunch.com/2023/06/27/letmespy-hacked-spyware-thousands/">hacked</a>:</p>
<blockquote><p>TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013.</p>
<p>The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.)</p>
<p>[…]</p>
<p>The database also contained over 13,400 location data points for several thousand victims. Most of the location data points are centered over population hotspots, suggesting the majority of victims are located in the United States, India and Western Africa...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>SolarWinds and Market Incentives</title>
		<link>https://noise.getoto.net/2023/02/08/solarwinds-and-market-incentives/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 08 Feb 2023 11:46:43 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[economics of security]]></category>
		<category><![CDATA[essays]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66762</guid>

					<description><![CDATA[<p>In early 2021, <em>IEEE Security and Privacy</em> asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response.</p>
<p>The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to focus on one important one we’ve learned: the software that’s managing our critical networks isn’t secure, and that’s because the market doesn’t reward that security.</p>
<p>SolarWinds is a perfect example. The company was the initial infection vector for much of the operation. Its trusted position inside so many critical networks made it a perfect target for a supply-chain attack, and its shoddy security practices made it an easy target...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>LastPass Breach</title>
		<link>https://noise.getoto.net/2022/12/26/lastpass-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 26 Dec 2022 12:06:18 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cloud computing]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[Password Safe]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66411</guid>

					<description><![CDATA[<p>Last August, LastPass <a href="https://www.schneier.com/blog/archives/2022/12/lastpass-security-breach.html">reported</a> a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story <a href="https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/">is worse</a>:</p>
<blockquote><p>While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.</p>
<p>[…]</p>
<p>To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Conviction of Uber’s Chief Security Officer</title>
		<link>https://noise.getoto.net/2022/11/07/the-conviction-of-ubers-chief-security-officer/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 07 Nov 2022 12:17:15 +0000</pubDate>
				<category><![CDATA[courts]]></category>
		<category><![CDATA[cover-ups]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[Data protection]]></category>
		<category><![CDATA[uber]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66034</guid>

					<description><![CDATA[I have been meaning to write about Joe Sullivan, Uber&#8217;s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It&#8217;s a complicated case, and I&#8217;m not convinced that he deserved a gui...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Australia Increases Fines for Massive Data Breaches</title>
		<link>https://noise.getoto.net/2022/10/26/australia-increases-fines-for-massive-data-breaches/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 26 Oct 2022 11:13:48 +0000</pubDate>
				<category><![CDATA[australia]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[incentives]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66012</guid>

					<description><![CDATA[After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That&#8217;s $50 million AUD, or $32 million USD.)
This i...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Massive Data Breach at Uber</title>
		<link>https://noise.getoto.net/2022/09/16/massive-data-breach-at-uber/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 16 Sep 2022 14:07:13 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Engineering]]></category>
		<category><![CDATA[uber]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65880</guid>

					<description><![CDATA[<p>It’s <a href="https://www.nytimes.com/2022/09/15/technology/uber-hacking-breach.html">big</a>:</p>
<blockquote><p>The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.</p>
<p>“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”</p></blockquote>
<p>It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Signal Phone Numbers Exposed in Twilio Hack</title>
		<link>https://noise.getoto.net/2022/08/23/signal-phone-numbers-exposed-in-twilio-hack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 23 Aug 2022 11:30:40 +0000</pubDate>
				<category><![CDATA[cell phones]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[signal]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65797</guid>

					<description><![CDATA[<p>Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users <a href="https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/">were</a> <a href="https://support.signal.org/hc/en-us/articles/4850133017242">exposed</a>:</p>
<blockquote><p>Here’s what our users need to know:</p>
<ul>
<li>All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.
</li><li>For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected...</li></ul></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Syniverse Hack</title>
		<link>https://noise.getoto.net/2021/10/06/syniverse-hack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 06 Oct 2021 14:19:18 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63737</guid>

					<description><![CDATA[This is interesting:
A company that is a critical part of the global telecommunications infrastructure used by AT&#038;T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were insid...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Excellent Write-up of the SolarWinds Security Breach</title>
		<link>https://noise.getoto.net/2021/08/30/excellent-write-up-of-the-solarwinds-security-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 30 Aug 2021 11:24:06 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[reports]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63616</guid>

					<description><![CDATA[Robert Chesney wrote up the Solar Winds story as a case study, and it&#8217;s a really good summary.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Details of the Recent T-Mobile Breach</title>
		<link>https://noise.getoto.net/2021/08/27/details-of-the-recent-t-mobile-breach/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 27 Aug 2021 13:37:12 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cell phones]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[T-Mobile]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63614</guid>

					<description><![CDATA[Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security.
I&#8217;ve lost count of how many times T-Mobile has been hacked.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Finnish Data Theft and Extortion</title>
		<link>https://noise.getoto.net/2020/12/10/finnish-data-theft-and-extortion/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 10 Dec 2020 19:48:18 +0000</pubDate>
				<category><![CDATA[blackmail]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[Healthcare]]></category>
		<category><![CDATA[theft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60570</guid>

					<description><![CDATA[<p>The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the <a href="https://www.cyberscoop.com/finnish-psychotherapy-data-breach-vastaamo/">patients</a>:</p>
<blockquote><p>Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records. The company reportedly did not pay up. Given the scale of the attack and the sensitive nature of the stolen data, the case has become a national story in Finland. Globally, attacks on health care organizations have escalated as cybercriminals look for higher-value targets...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 40/260 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-08 18:51:07 by W3 Total Cache
-->