pogowasright@infosec.exchange

@pogowasright@infosec.exchange
Posts

  • One of the many things I love about this platform is that people can disagree civilly.
    pogowasright@infosec.exchange

    One of the many things I love about this platform is that people can disagree civilly.

    So to thank you all, I will share with you the handwritten Mother's Day card my pre-teen granddaughter wrote to me:

    Roses are red.
    Violets are blue.
    Life would suck
    Without someone like you.

    (Yes, it caught me by a bit of surprise, too.) 😂

    Uncategorized

  • I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious.
    pogowasright@infosec.exchange

    @masek If the sole reason for paying is to reduce harm to the company or entity, then I tend to agree with you.

    But let's look at the Instructure situation. It was a #hackandleak situation with data that is not particularly valuable, so why pay, right?

    But then the attackers escalated and disrupted Finals week for tens of thousands of schools and millions of students.

    And if Instructure hadn't paid, would ShinyHunters keep attacking them and disrupting their ability to provide the software schools rely on? My bet is that they would have.

    When Instructure paid, I viewed it as them paying to stop the attacks more than to (just) allegedly delete data.

    And that was not to reduce harm to the business, although Lord knows, their reputation was taking quite a hit, but paying reduced the disruption and harm to the students and teachers and schools.

    And I'm okay with that. Does the payment reward criminals and make more crime more likely? Maybe. But even if the answer is "definitely," the company had a duty to mitigate harm to those who entrusted them with their data. And if that means paying, then their first duty is still to the ultimate victims and not to other companies.

    I feel even more strongly when the target is a healthcare entity and patient services are delayed, or emergency services are diverted elsewhere.

    I know, I know.... some people probably hate me for this opinion. To those who disagree with me strongly:

    Change my mind. And show me some actual data about how often some gangs do or do not keep their word.

    @amvinfe @euroinfosec

    Uncategorized ransom hackandleak incidentrespons mitigation responsibility

  • I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious.
    pogowasright@infosec.exchange

    @masek Is that your advice even for encryption situations where your customer has no backup? Are there no exceptions to your advice?

    @amvinfe

    Uncategorized ransom hackandleak incidentrespons mitigation responsibility

  • I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious.
    pogowasright@infosec.exchange

    RE: https://infosec.exchange/@amvinfe/116567370386921171

    I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious. Great thanks to @amvinfe for asking me to articulate my views. #incidentresponse #mitigation #responsibility #ethics

    Uncategorized ransom hackandleak incidentrespons mitigation responsibility

  • NEW by me:
    pogowasright@infosec.exchange

    NEW by me:

    A government contractor hired twin brothers who were convicted felons. A year later, it regretted it.

    (databreaches.net)

    #backgroundcheck #govsec #vendor #contractor #FDIC #Opexus #insider
    #databreach

    Uncategorized backgroundcheck govsec vendor contractor fdic

  • NEW by me:
    pogowasright@infosec.exchange

    NEW by me:

    One size does not fit all -- sometimes, victims probably should pay ransom

    (databreaches.net)

    Uncategorized

  • NEW:
    pogowasright@infosec.exchange

    NEW:

    Yesterday, the USAO in Maryland issued a press release stating that Matthew Bathula, a clinical pharmacy specialist, had been charged with unauthorized access and ID theft involving patients at "Company A" -- a medical system in Maryland. 195 patients have been notified.

    If you read the DOJ presser, it alleges a lot of activities that go waaaay beyond the usual insider "snooping."

    A little digging revealed that "Company A" is the University of Maryland Medical Center, where Bathula was employed during the years of alleged wrongdoing.

    Read the presser and more at:

    (databreaches.net)

    #databreach #IDtheft #HIPAA #infosec #insider #healthsec

    Uncategorized databreach idtheft hipaa infosec insider

  • This won't be the end of this controversy, but a California court did not dismiss claims against Bain Capital over the PowerSchool data breach.
    pogowasright@infosec.exchange

    This won't be the end of this controversy, but a California court did not dismiss claims against Bain Capital over the PowerSchool data breach. In considering the timeline and the private equity firm's actions before and after its acquisition of PowerSchool in 2024, the court noted, in part:

    "Post-closing, Bain directed PowerSchool to offshore cybersecurity, engineering, and IT functions to contractors, including offshoring required data-management tools that enabled vendors to bypass consent protocols and access protected school district computers directly.

    Bain failed to assess data-breach risks from the offshoring it directed.

    Post-closing, Bain directed layoffs of at least 5% of PowerSchool’s workforce, including critical domestic IT staff."

    Read more from Womble Bond Dickinson at https://www.womblebonddickinson.com/us/insights/alerts/unprecedented-private-equity-firm-potentially-hook-portfolio-companys-data-breach

    h/t, JDSupra, The National Law Review

    @douglevin @funnymonkey

    #EdTech #Liability #negligence #PowerSchool #BainCapital #hackandleak

    Uncategorized edtech liability negligence powerschool baincapital

  • Another #EdTech vendor has allegedly fallen prey to #ShinyHunters in yet another Salesforce-related hack-and-leak incident.
    pogowasright@infosec.exchange

    Another #EdTech vendor has allegedly fallen prey to #ShinyHunters in yet another Salesforce-related hack-and-leak incident.

    Follett Software markets Aspen, Destiny, and Classroom Library Manager software to schools.

    The threat actors claim to have acquired 4 million records with PII and other corporate files, and have given Follett until May 4 to contact them.

    Because this is Salesforce related, there may actually be very little identifiable information about students or personnel in the customer support data, unless district or school personnel gave students' names or details in seeking help with the software or specific problems.

    I guess we'll find out soon.

    #EduSec #databreach #hackandleak

    @douglevin @funnymonkey @mkeierleber

    Uncategorized edtech shinyhunters edusec databreach hackandleak

  • Today, two cybersecurity professionals who made a deal with AlphV/BlackCat to use their #ransomware to attack multiple victims in the U.S. were sentenced to four years in prison.
    pogowasright@infosec.exchange

    Today, two cybersecurity professionals who made a deal with AlphV/BlackCat to use their #ransomware to attack multiple victims in the U.S. were sentenced to four years in prison. A third co-conspirator has yet to be sentenced.

    Two of the three worked for DigitalMint; the third worked for Sygnia. Neither firm had any knowledge of its employees' illegal activities and cooperated fully with law enforcement.

    One of the victims was a doctor's office that the defendants had encrypted. Then, when the doctor wouldn't pay, they leaked patient data and wouldn't provide a decryptor.

    Both of the defendants sentenced today had pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion in violation of 18 U.S.C. § 1951(a).

    They faced maximum sentences of 20 years, but were sentenced to four years.

    Goldilocks and the 3 Verdicts Poll:

    Does their sentence seem

    Uncategorized ransomware

  • Almost one year after discovery, Sandhills Medical Foundation notifies 169,017 people affected by a cyberattack
    pogowasright@infosec.exchange

    Almost one year after discovery, Sandhills Medical Foundation notifies 169,017 people affected by a cyberattack

    This was an attack by INC Ransom, who dumped the data in June 2025. INC didn't tag it as an encryption incident -- just as hack, exfil, ransom demand. So I'm not sure why it took Sandhills about a year to make notifications.

    (databreaches.net)

    #databreach #HIPAA #incidentresponse #INCransom #healthsec

    Uncategorized databreach hipaa incidentrespons incransom healthsec

  • VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research
    pogowasright@infosec.exchange

    VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research

    You can read their blog post at https://blog.checkpoint.com/security/vect-ransomware-why-paying-wont-get-your-files-back/ or their full report at https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/

    (h/t, @cybernews)

    I contacted VECT and asked them for their response to #CheckPoint's report. Their response was, um... short? 🙂

    https://databreaches.net/2026/04/29/vect-ransomware-is-a-wiper-not-ransomware-dont-bother-paying-says-checkpoint-research/

    #infosecurity #ransomware #decryption #decryptor #VECT #wiper

    @GossiTheDog @BleepingComputer @dangoodin @jgreig

    Uncategorized checkpoint infosecurity ransomware decryption decryptor

  • Tax documents for school employees potentially stolen across Los Angeles County:
    pogowasright@infosec.exchange

    Tax documents for school employees potentially stolen across Los Angeles County:

    At least two districts seem to have reported that employees discovered false tax returns had been filed, but the districts haven't been named, so DataBreaches started looking and may have identified one (then again, it may not be one of them!).

    h/t, Los Angeles Daily News

    My post:
    https://databreaches.net/2026/04/18/tax-documents-for-school-employees-potentially-stolen-across-los-angeles-county/

    #EduSec #databreach #IDtheft #TaxRefundFraud #cybersecurity #ransomware #Rhysida_Trojan

    @douglevin @funnymonkey @mkeierleber

    Uncategorized edusec databreach idtheft taxrefundfraud cybersecurity

  • NEW: My post on the student/k-12 tips exposed in "BlueLeaks 2.0" is now up.
    pogowasright@infosec.exchange

    NEW: My post on the student/k-12 tips exposed in "BlueLeaks 2.0" is now up.

    P3 Campus and its partner programs like Safe2Say Something PA, Safe2Tell, and Sandy Hook Promise were supposed to provide secure and anonymous ability to report tips.

    Promises of security and anonymity do not appear to have been kept. A hacker claims it was easy to gain access and repeatedly access the database to acquire more than 8 million tips.

    There is not much anonymous about what I reviewed in the dataset.

    Many of the school-related tips I reviewed reported concerns over named students with suicidal ideation or cutting, students being bullied or bullying others, and drugs (mostly vaping) in school. Some students reported cybercriminal activity.

    Navigate360, the parent company of P3, still hasn't publicly acknowledged that it was breached and that sensitive information was involved. Their lack of transparency was noted by @douglevin

    The dataset has not been leaked publicly, but the "Internet Yiff Machine" who provided it to #ddosecrets and @mikaelthalen -- and then to me -- has listed it for sale.

    My focus in this post was on the student/school-related tips, but the 93.51 GB dataset has millions of tips that include adult issues and crimes, including drugs, homicide, assaults, etc. I provide one or two examples from the non-student tips to illustrate how sensitive the tips are in this dataset.

    This may be the worst breach I've ever seen involving sensitive student information, and I've seen many student-related data breaches over the past two decades.

    Read: "P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next." at https://databreaches.net/2026/04/16/p3-advertised-20-years-and-0-security-breaches-you-can-guess-what-happened-next/

    #BlueLeaks2 #DDoSecrets #databreach #P3Campus #P3Tips #Navigate360 #CrimeStoppers #Safety #Safe2tell #InternetYiffMachine

    @zackwhittaker @campuscodi @jgreig @euroinfosec @funnymonkey @mkeierleber

    Uncategorized ddosecrets blueleaks2 databreach p3campus p3tips