United Kingdom
UK to ban public sector orgs from paying ransomware gangs
The United Kingdom’s government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. The list of entities that would have to follow the new proposed legislation includes local councils, schools, and the publicly funded National Health Service (NHS). “Ransomware is estimated to cost the UK economy millions of […]
Co-op confirms data of 6.5 million members stolen in cyberattack
UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. Co-op (short for the Co-operative Group) is one of the United Kingdom’s largest consumer co-operatives, operating food stores, funeral services, insurance, and legal […]
UK launches vulnerability research program for external experts
UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve […]
Four arrested in UK over M&S, Co-op, Harrods cyberattacks
The UK’s National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. The arrested individuals are two 19-year-old males, one 17-year-old male, and a 20-year-old female, who were apprehended earlier today in their homes in London and the West […]
UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data
The UK Information Commissioner’s Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over ‘serious security failings’ that led to a ‘profoundly damaging’ data breach in 2023. The data protection watchdog said today that 23andMe failed to protect the sensitive data of UK residents who had their genotype data, health reports, and personal […]
Hackers switch to targeting U.S. insurance companies
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. Typically, the threat group has a sector-by-sector focus. Previously, they targeted retail organizations in the United Kingdom and then switched to targets in the same sector in the United States. “Google […]
Marks & Spencer faces $402 million profit hit after cyberattack
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. In a Wednesday filing with the London Stock Exchange, the company cited losses related to recovery efforts, systems downtime, and significant […]
O2 UK patches bug leaking mobile user location from call metadata
A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. The problem was discovered by security researcher Daniel Williams. The flaw likely existed on O2 UK’s network since February 2023, and was resolved yesterday. O2 UK is […]
UK Legal Aid Agency confirms applicant data stolen in data breach
The United Kingdom’s Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. This confirmation of the data breach incident comes from the UK government, which was closely involved in the investigations that followed the […]
Hackers behind UK retail attacks now targeting US companies
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. “The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Chief Analyst at […]