when companies make it very easy to get access to unsecured production assets. You don’t need a “nation state” to infiltrate anymore.
Companies do not care about your private data. A data breach is now considered priced in. It’s a footnote in the quarterly reports.
Maybe lasts half a news cycle until media brings up presidential candidate age/competence.
What we need is a legal framework to decide how much these companies will get fined. We need billions of dollars in fines to bring them to their knees and get their shit in order. We also need execs to get jail time for their negligence.
CHC was hacked by a hacker collective called AlphV. United Healthcare (CHC’s parent company) paid a ransom of $28m iirc, which AlphV allegedly rug pulled.
So the hackers that did the hack itself didn’t get paid and retained the data. Wild ride.
Nation-states would definitely be interested in medical claims data at the scale of CHC. One of the payers is called CHAMPUS, which covers active and retired service members and their families. This is indicated on the claims. So leaking these claims gives access to where service members live and who their family members are.
Since military bases in the US tend to have specific units and specialties, you can get a good approximation for how the military is allocating its strength. Plus you know who to blackmail.
I would guess it's mostly phishing. Even if people are educated about it, it only takes one mistake of opening an attachment or entering a password in a reasonably good fake form.
the people who recently leaked a bunch of governmental memos about the republican party a day ago were all furries who were dissatisfied with their far-right hatred of trans people.
Maybe, some highly educated people are just fed up and calling their senators doesn't seem to get anything done?
- Nation-states?
- Criminals?
- 3rd party actors on behalf of nation states?
It seems like there are different levels of security at play.