Zack Whittaker

Security Editor, TechCrunch

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.

Zack Whittaker

Latest from Zack Whittaker

CISA said the latest theft of government email — blamed on Russian government hackers — presents “a grave and unacceptable risk” to U.S. federal agencies.

US says Russian hackers stole federal government emails during Microsoft cyberattack

The U.S. cybersecurity agency said it was responding to a “recent compromise” at the data analytics giant, which provides business intelligence to critical infrastructure companies.

US government urges Sisense customers to reset credentials after hack

The legally required disclosure came a week after AT&T confirmed a cache containing millions of customers’ data that leaked online was genuine.

AT&T notifies regulators after customer data breach

The tech giant secured a cloud storage server that was inadvertently spilling Microsoft internal data and credentials to the open internet.

Microsoft employees exposed internal passwords in security lapse

Targus’ parent company, B. Riley Financial, said it discovered “a threat actor gained unauthorized access to certain of Targus’ file systems.”

Targus says cyberattack is causing operational outage

Featured Article

‘Reverse’ searches: The sneaky ways that police tap tech companies for your private data

Reverse searches cast a digital dragnet over a tech company’s store of user data to catch the information that police are looking for.

8:05 am PDT • April 2, 2024
‘Reverse’ searches: The sneaky ways that police tap tech companies for your private data

Featured Article

AT&T resets account passcodes after millions of customer records leak online

A security researcher told TechCrunch that leaked AT&T customer data contained encrypted account passcodes that can be easily unscrambled.

7:10 am PDT • March 30, 2024
AT&T resets account passcodes after millions of customer records leak online

The government’s reward for information now extends to ALPHV’s affiliates, which claimed responsibility for a massive weekslong healthcare cyberattack.

US offers $10M to help catch Change Healthcare hackers

It’s the first time the United Kingdom has attributed the massive breach of millions of citizens’ voter data since the cyberattack was first disclosed in 2023.

UK blames China for massive breach of voter data

Customers say their leaked AT&T customer data — names, addresses, phone numbers and Social Security numbers — is accurate.

AT&T won’t say how its customers’ data spilled online

The U.S. Department of Transportation announced its first industry-wide review of data security and privacy policies across the largest U.S. airlines. The DOT said in a press release Thursday that…

DOT to investigate data security and privacy practices of top US airlines

Featured Article

Users say Glassdoor added real names to user profiles without their consent

One user said Glassdoor pulled her full name from an email and added it to her profile. Another user said it wasn’t clear how Glassdoor got his data.

2:45 pm PDT • March 20, 2024
Users say Glassdoor added real names to user profiles without their consent

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create…

Mintlify says customer GitHub tokens exposed in data breach

Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on…

Tech giant Fujitsu says it was hacked, warns of data breach

Featured Article

How to verify a data breach

Over the years, TechCrunch has extensively covered data breaches. In fact, some of our most-read stories have come from reporting on huge data breaches, such as revealing shoddy security practices at startups holding sensitive genetic information or disproving privacy claims by a popular messaging app. It’s not just our sensitive…

10:35 am PDT • March 15, 2024
How to verify a data breach

Two years ago, the Irish government fixed a vulnerability in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents. But details of the vulnerability…

A bug in an Irish government website that exposed COVID-19 vaccination records took 2 years to publicly disclose

Featured Article

Four things we learned when US intelligence chiefs testified to Congress

Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk assessment. The unclassified report published Monday — sanitized for public…

3:20 pm PDT • March 11, 2024
Four things we learned when US intelligence chiefs testified to Congress

Featured Article

As the Change Healthcare outage drags on, fears grow that patient data could spill online

A cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row. Hospitals have been unable to check insurance benefits of in-patient stays, handle the prior authorizations needed for patient procedures and surgeries or process…

2:00 am PST • March 9, 2024
As the Change Healthcare outage drags on, fears grow that patient data could spill online

Featured Article

Elon Musk switched on X calling by default: Here’s how to switch it off

In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched on by default, it leaks your IP address to anyone…

3:40 pm PST • March 4, 2024
Elon Musk switched on X calling by default: Here’s how to switch it off

A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access…

A leaky database spilled 2FA codes for the world’s tech giants

Featured Article

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages

American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself…

7:15 am PST • February 29, 2024
UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages

Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems. Numerous threads on news…

Anycubic users say their 3D printers were hacked to warn of a security flaw

An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware,…

Ransomware attack blamed for Change Healthcare outage stalling US prescriptions

Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed. The loan and mortgage giant company said…

LoanDepot says about 17M customers had personal data and Social Security numbers stolen during cyberattack

U.S. health insurance giant UnitedHealth Group (UHG) said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised, likely by government-backed hackers. In a filing Thursday,…

UnitedHealth says Change Healthcare hacked by nation-state, as US pharmacy outages drag on

The Federal Trade Commission (FTC) on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent…

FTC bans antivirus giant Avast from selling its users’ browsing data to advertisers

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement Wednesday, the company said it was “experiencing a network interruption related to a…

US health tech giant Change Healthcare hit by cyberattack

A sweeping law enforcement operation led by the U.K.’s National Crime Agency (NCA) this week took down LockBit, the notorious Russia-linked ransomware gang that for years has wreaked havoc on…

Six things we learned from the LockBit takedown

The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. In a…

US sanctions LockBit members after ransomware takedown

The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification…

US military notifies 20,000 of data breach after cloud email leak