#GovSec

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2026-02-19

I may have to add Moldova to my list of countries I may not be able to visit. I just posted a two-fer involving two of their government portals:

databreaches.net/2026/02/19/da is about a long-time IDOR incident that exposed the personal info of everyone who ever used the govt portal to apply for a job. The vulnerability was brought to my attention by a student who was frustrated with his government's lack of response to his attempts to get them to address it.

and

databreaches.net/2026/02/19/le discusses an alleged hack by Bashe Team of another portal used by Moldovan residents to apply for energy compensation.

In May 2025, the government had denied claims that access to the compensation portal had been sold. "No evidence.... smoke and mirrors... " they claimed.

Fast forward to January 2026, and data from that portal and timeframe was leaked after Bashe Team claimed to have hacked it. But while the data appear to be real, Bashe Team's claims about how and when they acquired it didn't check out.

Bashe Team seems to be allergic to telling the truth about their listings. @cloudsek noted their less-than-honest claims in 2025; DataBreaches.net notes it now, and @amvinfe has also noted it in his new reporting on #SuspectFile.

#databreach #leak #vulnerability #cariere #compensatii #govsec #cybersecurity #Bashe #APT73 #Eraleign

@campuscodi @euroinfosec @lawrenceabrams

2026-01-27

Treasury cancels all Booz Allen Hamilton contracts after an insider leaked IRS data impacting ~406K taxpayers.

A clear warning on insider threat controls and contractor accountability.

🔗 technadu.com/u-s-treasury-canc

#InfoSec #InsiderThreat #DataProtection #GovSec

U.S. Treasury Cancels Booz Allen Hamilton Contracts, Former Contractor Pleads Guilty to Taxpayer Data Breach

2026-01-23

Alleged doxing attack: Hacker “Vindex” leaks personal data of Spanish transport officials after Adamuz train crash.

Spanish National Police have launched a cyberterrorism investigation into the politically motivated breach.

technadu.com/hacker-leaks-alle

Where do activism and cybercrime collide?

#Doxing #GovSec #Cybercrime #InfoSec #DataLeak

Hacker Leaks Alleged Data of Three Spanish Transport Ministry Officials After Adamuz Train Crash

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-09

I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
databreaches.net/2025/12/09/te

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

Offensive Sequence offseq@infosec.exchange
2025-12-01

🔎 Tomiris ramps up HIGH-severity attacks on government orgs, using Telegram & Discord for stealthy C2. Modular implants, spear-phishing (RAR archives), and open-source C2 frameworks in play. Monitor for suspicious traffic! radar.offseq.com/threat/tomiri #OffSeq #ThreatIntel #GovSec

High threat: Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

2025-11-30

Data breach detected in #Indonesia 🇮🇩 targeting the human resources development agency of Mojokerto Regency. Confidence level: Medium. #DataBreach #GovSec #CyberThreats

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-10-31

Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

Original Report:
databreaches.net/2025/10/13/mo

Today's Update:
databreaches.net/2025/10/31/ho

#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

@zackwhittaker @euroinfosec @campuscodi @JayeLTee

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-10-23

Kaufman County, Texas has been the victim of TWO cyberattacks in October.

The media now reports, "With two events in the same month, questions are now being raised about the overall security of Kaufman County’s computer systems and whether adequate safeguards are in place to prevent future compromises."

Ya think?

There's currently no information that has been disclosed as to whether the two attacks were carried out by the same attackers or if they involved the same means of access. But PII was impacted in the first one, and the second attack has affected county operations by encrypting files.

#databreach #govsec #cybersecurity

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-10-04

From the Minnesota Star Tribune:

"Secretary of Defense Pete Hegseth considered sending an elite U.S. Army strike force to Portland, Ore., to quell protests that President Donald Trump has characterized as “lawless mayhem,” according to images of messages provided to the Minnesota Star Tribune.

The messages, casually exchanged last weekend in a crowded, public space, show high-level officials in the Trump administration discussing the deployment of the Army’s 82nd Airborne, an infantry division that has been parachuted into combat zones in both world wars, Vietnam and Afghanistan. If the administration were to send in the Army division, it would almost certainly be challenged in court under federal laws limiting how the military can be used domestically."

Read more at startribune.com/trump-official

#NatSec #GovSec #IdiotsAbound #infosecurity

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-10-03

Ok, so if anyone needs to raise their blood pressure, consider this:

Remember the Rhysida cyberattack affecting Columbus, where a researcher attempted to refute the city's claims about the severity of the breach, and the city obtained an injunction gagging him, subsequently suing him, etc.?

There was a class action lawsuit against the city over the breach that got dismissed.

Why did the suit get dismissed? Because under state law, the city IT was immune.

So, the whistleblower can be sued by the city for discussing the breach, but the city cannot be sued for its subpar cybersecurity that resulted in the theft of data from 500,000 people.

myfox28columbus.com/news/local

#govsec #ransom #databreach #cybersecurity #freespeech

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-09-29

@chum1ng0 Thanks for that write-up.

"The incident affected the National Health Plan Monitoring and Evaluation System (SIMEPLANS), which houses the Ministry's policies, regulations, and annual planning. The data contained in this system is public and does not include sensitive patient information."

Passwords and login credentials are public? I agree with you that their statement sounds a bit "off."

#databreach #govsec

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-09-21

In early August, the Pennsylvania Office of the Attorney General was hit by a ransomware attack that left them unable to access archived emails, files, and internal systems crucial to pursuing cases on behalf of the commonwealth.

There was a ransom demand, but the state refused to pay.

Today, INC Ransom added the Office of the Attorney General to its dark web leak site, as per ransomlook[.io]. But the listing doesn't show up on the leak site at this time, so it's not clear whether INC Ransom has actually leaked any data or not at this point.

The state indicated it's still trying to figure out who may need to be notified. They have only notified a few people at this point.

The state's most recent update was on September 17:

attorneygeneral.gov/taking-act

#databreach #ransomware #govsec #INCransom #cybersecurity

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-09-12

Cue "Breaking Up is Hard To Do" as background music for this one:

Less than one hour after posting their "goodbye" message about how they're going silent, ShinyHunters/LAPSUS$/ScatteredSpider posted redacted screengrabs that look like they were taken from CJIS.

The group had claimed they have hit some gov agencies -- including "highly secured ones," but had not responded to inquiries about which agencies.

And now they post this.

So... it's unconfirmed at this point, but has CJIS been hacked by these threat actors? I've sent an inquiry to #DOJ, but I don't expect to hear back quickly on this one.

#databreach #govsec #cybersecurity #CJIS

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-09-06

@sebgogola I should probably post an update on the situation because I am now also totally disgusted with the FBI who have done NOTHING USEFUL AT ALL when all they should have done is pick up the g.d. phone or knock on the door of the vendor and tell them to lock down the clients' shares that are exposed before even more of them get locked by threat actors.

(yes, I'm screaming)

But did they contact the vendor? Not to my knowledge. In fact, the Mississippi FBI passed me over to IC3, who then didn't contact me and passed it back to Mississippi who then reportedly passed it to another office.

Hey, Donald Trump and Kash Patel: this is your FBI. At least three court systems have their records exposed by a vendor who does not respond to alerts.

#DataLeak #GovSec #Cybersecurity #IncidentResponse

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-08-18

Well, I've had it. The firm responsible for exposed court and prosecution files from at least two states has not responded to phone calls, emails, LinkedIn messages, or contacts by their host.

On Saturday, I called the FBI tip line and let them know what's going on. Maybe the FBI will call me and ask me for the IP addresses so they can call the firm and tell them to lock down the damned shares.

Then today, I filed a formal #FTC complaint against the firm for violation of Section 5 of the FTC Act for its inadequate security, its failure to have any procedure to receive, evaluate, and escalate third-party alerts of security issues, and for using the same password in all client installations for a Msql SQL database.

And oh, last night I learned that a court system in a third state was not only exposed, too, but was hit by ransomware in March. Lovely.

#cybersecurity #infosec #incidentresponse #FTC #govsec #judiciary #dataleak #databreach

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-08-10

Correcting this because it looks like this doesn't involve any federal court. But there are exposed sensitive records, some of which were ordered sealed.

NEW: Federal judiciary says it is boosting security after cyberattack; researcher finds new leaks

More of those frustrating leaks where, despite our best efforts, we have been unable to get the network shares locked down so far, even with the host's assistance.

This one involves two courts: and yes, we saw some files that were supposed to be sealed or confidential.

databreaches.net/2025/08/10/fe

#dataleak #infosec #cybersecurity #databreach #govsec

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-07-24

NEW:

Paying cyberattackers is wrong, right? Should Taos County's incident be an exception?

CAUTION: Post contains mention of CSA:

databreaches.net/2025/07/23/pa

#databreach #extortion #govsec #cybersecurity #accountability

Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-05-24

York County, Pennsylvania incident:

An employee of a vendor that had been hired to develop software for York County Civil Courts was provided “with certain York County Civil Courts data to use for software development and testing purposes. The employee subsequently left the vendor’s employment without returning this data,” according to the county's press release.

So it seems they gave the vendor's employee REAL data to use for development and testing -- with "contact information, Social Security numbers, driver’s license or state ID card numbers, financial and medical information"

And of course, there's no evidence of misuse, but they have referred the matter to law enforcement.....

h/t, pennlive.com/news/2025/05/cent

#infosecurity #govsec #insiderthreat
