A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law.
The Social Media Use by Minors bill was “indefinitely postponed” and “withdrawn from consideration” in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.
The bill would have required social media firms to “provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena,” which are typically issued by law enforcement agencies and without judicial oversight.
Digital rights group the Electronic Frontier Foundation called the bill “dangerous and dumb.” Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.
Keep reading the article on Tech Crunch
In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents.
At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to a different telecom provider following the data breach. He said he expects this number to reach 2.5 million, more than tenfold the current amount, if the company waives cancellation fees.
The company could lose up to $5 billion (around ₩7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing.
“SK Telecom considers this incident the most severe security breach in the company’s history and is putting forth our utmost effort to minimize any damage to our customers,” a spokesperson at SKT told TechCrunch in an emailed statement. “The number of customers affected and the entity responsible for the hacking is under investigation,” the spokesperson added.
A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident.
The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from its central database, known as its home subscriber server. The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance.
After its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers.
“We detected possible information leakage regarding SIM on April 19,” the spokesperson at SKT told TechCrunch. “Following the identification of the breach, we immediately isolated the affected device while thoroughly investigating the entire system.”
“To further safeguard our customers, we are currently developing a system that can protect users’ information through the SIM protection service while allowing them to use roaming services seamlessly outside of Korea by May 14,” the spokesperson said.
To date, SKT has not received any reports of secondary damage and no verified instances of customer information being distributed or misused on the dark web or other platforms, the company told TechCrunch.
SKT detected abnormal activities on April 18 at 11:20 p.m. local time. SKT found unusual logs and signs of files having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations.
The company identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details.
SKT reported the cyberattack incident toKorea’s cybersecurity agency.
SKT confirmed on its website that it detected suspicious activity, indicating a “potential” data breach involving some information related to users’ USIMs data.
SKT began replacing mobile SIM cards of 23 million users, but the company has faced shortages in obtaining sufficient USIM cards to fulfill its promise to provide free SIM card replacements.
South Korean police began investigating SKT’s suspected cyberattack on April 18.
According to local media reports, many South Korean companies, including SKT, use Ivanti VPN equipment, and that the recent data breach may be connected to China-backed hackers.
Per a local media report, SKT said it received a cybersecurity notice from KISA instructing the company to turn off and replace the Ivanti VPN.
TeamT5, a cybersecurity company based in Taiwan, alerted the public to the worldwide threats posed by a government-backed group linked to China, which allegedly took advantage of vulnerabilities in Ivanti’s Connect Secure VPN systems to gain access to multiple organizations globally.
Some 20 industries have been affected, including automotive, chemical, financial institutions, law firms, media, research institutes, and telecommunications, across 12 countries, including Australia, South Korea, Taiwan, and the United States.
A team of public and private investigators discovered an additional eight types of malware in SKT’s hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four strains or if they are located on separate server equipment.
Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the first time for the data breach, some three weeks after the breach occurred.
As of May 7, all eligible users have been signed up for the SIM protection service, except those living abroad using roaming services and temporarily suspended, the spokesperson told TechCrunch, adding that its fraud detection system has already been set up for all customers to prevent unauthorized login attempts using cloned SIM cards.
SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. About 250,000 users have switched to another telecom provider following the breach, according to the company’s chief executive at a National Assembly hearing.
South Korean authorities, meanwhile, announced that 25 types of personal information were leaked from the company’s databases during the cyberattack.
Keep reading the article on Tech Crunch
Months after the hacked education software maker PowerSchool paid a hacker’s ransom to delete the company’s banks of stolen student data, at least one school district says it is now being extorted by someone who said the data was not destroyed.
PowerSchool, which provides its K-12 software to thousands of schools to support 60 million students across North America, was hacked in December 2024 using a single stolen credential, which allowed a hacker broad access to PowerSchool’s stores of personally identifiable student and teacher data, including Social Security numbers and health data.
The company said at the time that it had paid the hacker a ransom to allegedly delete the stolen data, but it has repeatedly refused to disclose the sum it paid.
Now, Toronto’s district school board, which serves around 240,000 students each year, said in a statement that earlier this week it had “received a communication from a threat actor demanding a ransom using data from the previously reported incident.”
Several other schools in North America received extortion notes, including across North Carolina, per local media.
PowerSchool confirmed that it had paid the ransom at the time, saying the company “thought it was the best option for preventing the data from being made public.”
Some cybersecurity professionals and law enforcement have long discouraged victims from paying a ransom, as there are no guarantees that the hackers will stick to their word when claiming to delete stolen data. As evidenced by past ransomware and extortion incidents, some gangs were later found to have retained huge amounts of stolen victim data, often to revictimize affected individuals with additional extortion attempts.
In a statement shared with customers this week, seen by TechCrunch, PowerSchool said it “recently became aware that a threat actor has reached out to some PowerSchool SIS customers in an attempt to extort them using data” from the December 2024 breach.
Beth Keebler, a spokesperson for PowerSchool, told TechCrunch that the company does not think this is a new incident because “samples of data match the data previously stolen in December.”
PowerSchool has not yet said how many individuals are affected by its data breach. Several school districts that used PowerSchool at the time of the breach told TechCrunch that “all” of their historical student and teacher data was compromised
In the case of Toronto’s school district, the stolen records date back to at least 2009 and are likely to affect millions of people.
Keep reading the article on Tech Crunch
Venture capital firm Insight Partners said it will alert an unspecified number of people that their personal information was stolen during a cyberattack in January.
The VC firm confirmed in an updated statement this week it was planning to notify affected people on a rolling basis beginning “in the next few days.” The company said the stolen data includes personal information about its current and former employees, and information relating to its limited partners — the investors who provide capital to Insight’s venture funds but whose names are typically kept private.
Insight said the stolen data also includes information about certain funds, management companies, and portfolio companies, including banking and tax information.
This is the first time Insight has acknowledged that data was exfiltrated during the January cyberattack on the firm. The company previously attributed the hack to an “sophisticated” social engineering attack, but has not yet provided evidence for this claim. The specific nature of the attack remains unclear.
A spokesperson for Insight Partners did not immediately return a request for comment.
The VC firm has more than $90 billion in regulated assets under management, making it one of the largest tech startup investors in the world. Insight has helped to fund cybersecurity giants, including Wiz and Armis.
Insight Partners is the latest venture capital firm in recent years to experience a cyberattack. In 2021, Silicon Valley venture firm Advanced Technology Ventures was hit by a ransomware attack that allowed criminals to steal data on the firm’s limited partners.
Keep reading the article on Tech Crunch