Five for Friday: 16 May 2025
Sherpa Intelligence: Your Guide Up a Mountain of Information!
Check out these five Information Security and Data Privacy news items from this past week that may have been overlooked.
The countdown to the weekend begins with 5-4-Friday!
Monday, May 12 - Friday, May 16, 2025
Long Island school districts breached by cyber hackers — thousands of students’ records exposed in alarming trend
(The New York Post, May 12th)
- More than 20 school districts across Long Island were hit by cyber hackers leaving more than 10,000 students’ records and personal info vulnerable to criminals.Alabama says ‘cybersecurity event’ could disrupt state government services
(The Record, May 13th)
- Incident was first detected on May 9; investigators don’t yet know the full scope of the attack or who is responsible.
- Cyberattacks on state and local government agencies have become common in recent years. Examples include Rhode Island’s benefits system, Oregon’s environmental agency and the office of Virginia’s attorney general, as well as the city governments of Abilene and Mission in Texas, and systems in a Pennsylvania county.Steelmaker Nucor halts some production after cyber security incident
(Reuters, May 14th)
- The Charlotte, North Carolina-based company said it is in the process of restarting the affected operations as it investigates the incident along with external cyber security experts.
- Nucor has notified federal law enforcement authorities and is taking the potentially affected systems offline, while also implementing other containment, remediation or recovery measures, it said in an SEC filing.Christian Dior Couture Client Data Breached in Cyber Attack
(Bloomberg, May 15th)
- French multinational holding company LVMH Moët Hennessy Louis Vuitton SE (LVMH)’s second biggest fashion label said it recently discovered that an “unauthorized external party” accessed some of its customers’ data but no financial information, including bank or credit card details, was disclosed in the breach.
- Le Monde newspaper reported the cyber attack took place in January and that customers in Asia were informed of the database breach earlier this week.New Japan law allows preemptive defense of infrastructure cyberattack
(Kyodo News English, May 16th)
- The "active cyberdefense" law will oblige operators of key infrastructure, such as those in the electricity and railway sectors, to report cyber breaches to the government.
- Information to be monitored and analyzed by the government includes IP addresses used in communication between foreign countries that pass through Japan, as well as those between Japan and abroad; They do not include domestic communications and the government is not permitted to surveil the content of messages, including the body of emails.
