Information compromised in the incident, including names and other personal data, has not been misused by attackers, said ARRL in a filing with the Office of Maine's Attorney General.
Attackers have only obtained access to an archive of The Daily Signal website dating back to 2022 but not access to any of the think tank's systems, according to Heritage spokesperson Noah Weinrich.
Infiltration of systems enabled attackers to exfiltrate individuals' names, birthdates, Social Security numbers, and other government-issued ID numbers stored between April 14 and May 24.
Assessment of the leaked dataset revealed the compromise of millions of customer service tickets, some of which pertained to senior-ranking U.S. military officials.
In this week's enterprise security news, Seed rounds are getting huge, Lots of funding for niche security vendors, Rapid7 acquires Noetic Cyber, but Rapid7 is also rumored to sell itself!, Slack battles infostealers, The loss of Chevron deference impacts cyber, Should cybersecurity put up a no vacancy sign?, Figma and Google both make some embarras...
Organizations affected by the breach have been urged by security researcher and former Microsoft employee Kevin Beaumont to be vigilant of the emails, which were not sent in adherence to the Microsoft 365 breach process.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
