Geisinger recently disclosed that on 29 November, a former Nuance Communications employee detected unauthorised patient data access just two days after the employee’s termination. Nuance Communications, a technology service provider owned by Microsoft, has access to Geisinger’s patient records as part of their IT services agreement.
Upon notification of the breach, Nuance promptly revoked the ex-employee’s access to Geisinger’s records and initiated an investigation to assess the incident’s extent. Subsequent findings revealed that the former employee had illicitly obtained information about over one million Geisinger patients. The compromised data included details such as names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, and facility name abbreviations.
Geisinger clarified that sensitive information like claims or insurance details, credit card numbers, bank account information, and Social Security numbers remained secure and were not accessed by the ex-employee. Following a thorough investigation, the former Nuance employee was apprehended and is currently facing federal charges. Geisinger’s chief privacy officer, Jonathan Friesen, emphasised the organisation’s commitment to safeguarding patient privacy, stating, ‘Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously.’ Friesen expressed gratitude for the swift resolution of the case while acknowledging the unfortunate breach.
The former Nuance employee, Max Vance, is now undergoing legal proceedings at the US Middle District Court in Williamsport. Geisinger has advised all impacted individuals to remain vigilant by monitoring their credit reports, account statements, and benefits for any unusual activity. In case of suspicion, affected individuals are urged to report such incidents to the relevant authorities, including law enforcement agencies and the state attorney general.
Evolve Bank and Trust, a prominent financial institution favoured by fintech startups, disclosed on Wednesday that it was victim to a cyberattack and data breach that may have impacted its affiliated companies. According to the company’s statement, the incident involved the personal information and data of some Evolve retail bank customers.
The cybercriminals linked to the breach are believed to be the infamous ransomware gang LockBit, which purportedly shared data stolen from Evolve on its dark web leak site. Evolve’s website lists several companies as partners that rely on the bank to provide various financial and lending services.
The spokesperson of one of the partner companies Affirm, posted on X that the company is investigating the incident and will directly communicate with affected consumers as more information becomes available. Affirm also notified its customers about the breach and assured them that it is safe to use their card and Money Accounts while the investigation continues.
As an Affirm Card user, we wanted to alert you of a recent cybersecurity incident at Evolve Bank and Trust, an issuing partner on the Affirm Card (not an originating bank partner for Affirm loans). pic.twitter.com/3EritQ3bSN
Other partner companies also spoke up. EarnIn’s spokesperson, Stephanie Borman, mentioned that the company is closely monitoring the situation. Marqeta’s spokesperson, Kelly Kraft, acknowledged the breach and highlighted that Evolve supports a portion of their business. Melio’s co-founder and CEO, Matan Bar, confirmed awareness of the breach and assured customers that operations remain unaffected. Finally, Mercury, another partner of Evolve, disclosed that the breach impacted company records including account numbers, deposit balances, business owner names, and emails.
We are aware of a cybersecurity attack that breached the security systems of one of our partner banks, Evolve Bank & Trust, which leaked their records, including some account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech…
As more affected companies step forward, the full extent of the breach’s impact on Evolve’s customers and partners will likely become clearer. Evolve has recently made headlines for issues related to its fintech collaborations, with the Federal Reserve ordering the bank to enhance its risk management programs concerning fintech partnerships and anti-money laundering laws.
President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.
The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.
In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.
Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.
The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.
Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.
Why does it matter?
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid technological advancements do not come at the expense of human employment.
German software company TeamViewer announced on Friday that it was the target of a cyberattack earlier this week. The company accused the hacker group APT29 from Russia, known as ‘Cozy Bear’ or Midnight Blizzard, of being behind the breach. Western intelligence agencies allege that APT29 operates on behalf of Russia’s foreign spy agency.
The attack occurred on Wednesday, with the hackers gaining access to TeamViewer’s corporate IT environment. However, the company confirmed that neither its product environment nor customer data were compromised. The news follow a similar incident in March, where Alphabet’s Mandiant cyber unit caught the same group attempting to trick key German political figures with a phishing email.
The cyberattack has had immediate financial repercussions for TeamViewer. As of 1152 GMT, shares in the company had dropped by 10%, marking their worst trading day since November 2023. The incident underscores the persistent threat of cyberespionage faced by companies worldwide.
Time magazine has entered a multi-year agreement with OpenAI, granting the AI firm access to its news archives. The deal allows OpenAI’s ChatGPT to cite and link back to Time.com in user queries, although financial details were not disclosed. OpenAI, led by Sam Altman, has forged similar partnerships with prominent media outlets such as the Financial Times, Axel Springer, Le Monde, and Prisa Media.
These collaborations help train and enhance OpenAI’s products while providing media companies access to AI technology for developing new products. Despite some media companies suing OpenAI over content usage, such partnerships are crucial for training AI models and offer a potential revenue stream for news publishers. Such a trend comes amid broader industry tensions, highlighted by Meta’s decision to block news sharing in Canada following new legislation requiring payment for news content.
Why does it matter?
The OpenAI-Time deal is part of a larger movement where publishers seek fair compensation for their content amid the rise of generative AI, which has prompted discussions on ethical content usage and compliance with web standards.
OpenAI has made a pivotal advancement in the AI sector by acquiring Rockset, known for its search and analytical database technology. The acquisition is a strategic move to elevate OpenAI’s data processing and utilisation capabilities.
By integrating Rockset’s advanced infrastructure into its product suite, OpenAI aims to significantly enhance its AI tools, making data retrieval more precise and actionable. Founded in 2016 by former Meta engineers, Rockset excels in cloud-based data management, including real-time streaming data ingestion and sophisticated querying for time series, geospatial, and vector data.
Notably, its recent Approximate Nearest Neighbour (ANN) search upgrade boosts AI efficiency through rapid similarity searches across large datasets. With an acquisition valued at several hundred million dollars, OpenAI seeks to address business challenges in data integration with AI systems, thereby improving the accuracy and utility of its offerings, such as ChatGPT.
Brad Lightcap, OpenAI’s COO, highlighted customer benefits, emphasising Rockset’s ability to turn data into actionable insights. He reassured existing Rockset clients of a smooth transition, ensuring service continuity during the integration.
A strategic move like this underscores OpenAI’s dedication to enhancing AI accessibility and functionality, promising significant improvements in data-driven AI applications.
Russian hackers breached Microsoft systems earlier this year, stealing emails from Microsoft staff and its customers, according to the tech giant. The disclosure highlights the extensive scope of the breach, adding to the regulatory scrutiny Microsoft faces over the security of its software and systems. The hackers, identified as the Midnight Blizzard threat actor, targeted cybersecurity researchers investigating Russian hacking activities.
Microsoft has been notifying affected customers, although the company has not disclosed the number of customers or emails impacted. Initially revealed in January as affecting a small percentage of corporate email accounts, the breach continued to pose threats for months, raising concerns among the security industry and prompting a Congressional hearing. In response, Microsoft President Brad Smith stated the company is working on overhauling its security practices.
Arkansas-based Evolve Bank and Trust confirmed a cyberattack that led to customer data being leaked on the dark web. The cybercrime group Lockbit 3.0 claimed responsibility for the hack, demanding a ransom from the Federal Reserve. The bank has involved law enforcement in the investigation, providing free credit monitoring and identity theft protection to affected customers.
The breach follows a directive from the US Federal Reserve for Evolve to improve its risk management and compliance with anti-money laundering regulations. Additionally, Fintech company Mercury revealed that some of its customers’ account numbers and deposit balances were compromised, and those affected have been informed and given preventive measures.
Why does it matter?
The cyberattack on Evolve Bank exposed sensitive customer data to potential misuse, including identity theft and financial fraud. It highlights vulnerabilities in financial institutions’ cybersecurity defences, prompting data protection and regulatory compliance concerns.
Microsoft has stated it will keep providing eligible customers in Hong Kong with access to OpenAI’s AI models, like ChatGPT, via its Azure cloud platform. The decision stands despite OpenAI’s recent move to restrict API access from unsupported areas, including mainland China and Hong Kong.
OpenAI, with Microsoft as its biggest investor, notified developers in unsupported regions that it would begin blocking API access on 9 July. That step aligns with the US government’s efforts to curb China’s access to advanced AI technology due to national security concerns.
Microsoft’s local branch assured there will be no changes to their Azure OpenAI service offerings in Hong Kong. Although OpenAI’s services are not officially available in mainland China and Hong Kong, users in these regions often circumvent restrictions using virtual private networks or proxies.
Why does this matter?
The restriction by OpenAI aligns with broader US efforts to limit China’s access to advanced technology, reflecting ongoing tensions and strategic competition between the US and China. Microsoft’s decision to maintain services in Hong Kong contrasts with OpenAI’s broader restrictions, potentially pushing Chinese developers toward local AI platforms such as Zhipu AI, Baichuan, and those from major tech companies like Alibaba and Baidu. These local alternatives offer incentives to attract users impacted by OpenAI’s new policies.
Reddit has announced updates to its Robots Exclusion Protocol (robots.txt file), which regulates automated web bot access to websites. Traditionally used to allow search engines to index site content, the protocol now faces challenges with AI-driven scraping for model training, often without proper attribution.
In addition to the revised robots.txt file, Reddit will enforce rate limits and blocks on unidentified bots and crawlers. According to multiple sources, these measures apply to entities not complying with Reddit’s Public Content Policy or lacking formal agreements with the platform. The changes are aimed at deterring AI companies from using Reddit content to train large language models without permission. Despite these updates, AI crawlers could potentially disregard Reddit’s directives, as highlighted by recent incidents.
Recently, Wired uncovered that AI-powered startup Perplexity continued scraping Reddit content despite being blocked in the robots.txt file. Perplexity’s CEO argued that robots.txt isn’t legally binding, raising questions about the effectiveness of such protocols in regulating AI scraping practices.
Reddit’s updates will exempt authorised partners like Google, with whom Reddit has a substantial agreement allowing AI model training on its data. This move signals Reddit’s stance on controlling access to its content for AI training purposes, emphasising compliance with its policies to safeguard user interests.
These developments align with Reddit’s recent policy updates, underscoring its efforts to manage and regulate data access and use by commercial entities and partners.
