Security

Belgian Intelligence Puts Huawei on Its Watchlist (politico.eu) 23

Belgium's intelligence service is scrutinizing the operations of technology giant Huawei as fears of Chinese espionage grow around the EU and NATO headquarters in Brussels, according to confidential documents seen by POLITICO and three people familiar with the matter. From the report: In recent months, Belgium's State Security Service (VSSE) has requested interviews with former employees of the company's lobbying operation in the heart of Brussels' European district. The intelligence gathering is part of security officials' activities to scrutinize how China may be using non-state actors -- including senior lobbyists in Huawei's Brussels office -- to advance the interests of the Chinese state and its Communist party in Europe, said the people, who requested anonymity due to the sensitivity of the matter. The scrutiny of Huawei's EU activities comes as Western security agencies are sounding the alarm over companies with links to China. British, Dutch, Belgian, Czech and Nordic officials -- as well as EU functionaries -- have all been told to stay off TikTok on work phones over concerns similar to those surrounding Huawei, namely that Chinese security legislation forces Chinese tech firms to hand over data. The scrutiny also comes amid growing evidence of foreign states' influence on EU decision-making -- a phenomenon starkly exposed by the recent Qatargate scandal, where the Gulf state sought to influence Brussels through bribes and gifts via intermediary organizations. The Belgian security services are tasked with overseeing operations led by foreign actors around the EU institutions.
United States

Biden Executive Order Bans Federal Agencies From Using Commercial Spyware (techcrunch.com) 40

The Biden administration on Monday announced a new executive order that would broadly ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. From a report: The move to ban federal agencies -- including law enforcement, defense and intelligence -- from using commercial spyware comes as officials confirmed that dozens of U.S. government personnel had their phones targeted. Human rights defenders and security researchers have for years warned of the risks posed by commercial spyware, created in the private sector and sold almost exclusively to governments and nation states. [...] In a call with reporters ahead of the order's signing, Biden administration officials said that the United States was trying to get ahead of the problem and set standards for other governments and its allies, which buy and deploy commercial spyware. The order is the latest action taken by the government in recent years, including banning some spyware makers from doing business in the U.S. and passing laws aimed at limiting the use and procurement of spyware by federal agencies.
Android

Pinduoduo App Malware Detailed By Cybersecurity Researchers (bloomberg.com) 4

Security researchers at Moscow-based Kaspersky Lab have identified and outlined potential malware in versions of PDD Holdings' Chinese shopping app Pinduoduo, days after Google suspended it from its Android app store. From a report: In one of the first public accountings of the malicious code, Kaspersky laid out how the app could elevate its own privileges to undermine user privacy and data security. It tested versions of the app distributed through a local app store in China, where Huawei Technologies, Tencent Holdings and Xiaomi run some of the biggest app markets. Kaspersky's findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google's action and malware warning last week. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn't verified the authenticity of the earlier reports.
Businesses

Amazon Rejects Petition from 30,000 Workers Opposing Return-to-Office Mandate (nypost.com) 207

An anonymous reader shares this report from the New York Post: Disgruntled Amazon corporate employees are reportedly devastated after a top human resources executive shot down an internal petition that asked the tech giant's leaders to nix its return-to-office plan. Approximately 30,000 workers had signed a petition begging CEO Andy Jassy to cancel his directive that most employees work on site at least three days per week. The return-to-office plan is slated to take effect on May 1.

Beth Galetti, Amazon's HR chief, shot down the petition in a message to organizers obtained by Insider and signaled that the return-to-office plan will move forward as scheduled. "Given the large size of our workforce and our wide range of businesses and customers, we recognize this transition may take time, but we are confident it will result in long-term benefits to increasing our ability to deliver for our customers, bolstering our culture, and growing and developing employees," Galetti said in the memo....

In the petition, which first surfaced last month, Amazon workers argued they are more productive and enjoy a better work-life balance in a remote work environment. The workers also asserted that the three-day-per-week requirement runs contrary to Amazon's stances on issues such as affordable housing, diversity and climate change.... Meanwhile, Jassy has argued that working more days on site will help build effective collaboration and "deliver for customers and the business."

Security

GitHub.com Rotates Its Exposed Private SSH Key (bleepingcomputer.com) 20

GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository. BleepingComputer reports: The software development and version control service says the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution." In a succinct blog post published today, GitHub acknowledged discovering this week that the RSA SSH private key for GitHub.com had been ephemerally exposed in a public GitHub repository.

"We immediately acted to contain the exposure and began investigating to understand the root cause and impact," writes Mike Hanley, GitHub's Chief Security Officer and SVP of Engineering. "We have now completed the key replacement, and users will see the change propagate over the next thirty minutes. Some users may have noticed that the new key was briefly present beginning around 02:30 UTC during preparations for this change." As some may notice, only GitHub.com's RSA SSH key has been impacted and replaced. No change is required for ECDSA or Ed25519 users.
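The client-side check that follows from this, as an added example (not code from GitHub or BleepingComputer): it computes OpenSSH's SHA256 fingerprint for each known_hosts entry, matches both plain and hashed host fields, and lists the github.com ssh-rsa entries whose fingerprint is not the one you expect. The known_hosts text, key blobs and expected fingerprint below are constructed placeholders; in practice the expected value is taken from GitHub's published fingerprint documentation.

```python
import base64
import hashlib
import hmac


def fingerprint_sha256(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint of a public key blob: SHA-256 of the wire-format
    key, base64 without '=' padding. This is the string `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_matches(host_field: str, host: str) -> bool:
    """Does a known_hosts host field name `host`? Handles plain comma-separated
    names and hashed entries of the form |1|<b64 salt>|<b64 HMAC-SHA1(salt, hostname)>."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|", 3)
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), "sha1").digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in host_field.split(",")


def parse_known_hosts(text: str):
    """Yield (host_field, key_type, key_blob) per entry; skips blank lines,
    comments and a leading @cert-authority / @revoked marker."""
    for raw in text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            continue
        yield fields[0], fields[1], base64.b64decode(fields[2])


def stale_entries(text: str, host: str, key_type: str, expected_fp: str):
    """Entries for host/key_type whose fingerprint is not the currently published
    one. After a rotation these make ssh abort with a host-key mismatch, and until
    removed they would let whoever holds the leaked key impersonate the host."""
    stale = []
    for host_field, kt, blob in parse_known_hosts(text):
        if kt != key_type or not host_matches(host_field, host):
            continue
        fp = fingerprint_sha256(blob)
        if fp != expected_fp:
            stale.append((host_field, fp))
    return stale


# Constructed sample, not real GitHub key material: placeholder blobs in SSH
# wire format (length-prefixed algorithm name plus filler bytes).
OLD_RSA_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"\x11" * 32      # key still cached locally
NEW_RSA_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"\x22" * 32      # the rotated key
ED25519_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x33" * 32  # unaffected key type


def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode("ascii")


_SALT = b"\x05" * 20
HASHED_GITHUB_FIELD = "|1|{}|{}".format(
    _b64(_SALT), _b64(hmac.new(_SALT, b"github.com", "sha1").digest()))

SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "github.com ssh-rsa " + _b64(OLD_RSA_BLOB),
    "github.com ssh-ed25519 " + _b64(ED25519_BLOB),
    HASHED_GITHUB_FIELD + " ssh-rsa " + _b64(OLD_RSA_BLOB),
    "git.example.internal ssh-rsa " + _b64(NEW_RSA_BLOB),
])

# Assumption: in real use this value comes from GitHub's published fingerprint
# list, not from ssh-keyscan, which only reports what the far end claims today.
EXPECTED_GITHUB_RSA_FP = fingerprint_sha256(NEW_RSA_BLOB)

if __name__ == "__main__":
    for host_field, fp in stale_entries(SAMPLE_KNOWN_HOSTS, "github.com",
                                        "ssh-rsa", EXPECTED_GITHUB_RSA_FP):
        print("stale github.com ssh-rsa entry:", host_field, fp)
```

For a real machine, read ~/.ssh/known_hosts into the text argument; remove any flagged line with `ssh-keygen -R github.com` (which also handles hashed entries), fetch the new key with `ssh-keyscan -t rsa github.com`, and compare its `ssh-keygen -lf` fingerprint with GitHub's documentation before trusting it. Only ssh-rsa entries need this; the ECDSA and Ed25519 keys did not change.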

Security

Linus Tech Tips' YouTube Channel Was Hacked (overclock3d.net) 59

New submitter Kitkoan writes: Hackers had gained control of Linus Tech Tips' YouTube channel to promote a cryptocurrency scam. Earlier on Thursday, hackers had gained control of the Linus Tech Tips YouTube channel and used it to promote a fake crypto giveaway that falsely used the name of Elon Musk and the Tesla brand (obviously without the permission of either party). Thankfully, the Linus Tech Tips crew quickly worked to re-establish control of the channel, but not before the channel had started two live streams to promote AI, ChatGPT, Bitcoin, and their aforementioned (fake) crypto giveaway.
China

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware Used To Gain Competitive Advantage (krebsonsecurity.com) 12

An anonymous reader quotes a report from KrebsOnSecurity: Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones. In November 2022, researchers at Google's Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. Google said it believes the exploit chain for Samsung devices belonged to a "commercial surveillance vendor," without elaborating further. The highly technical writeup also did not name the malicious app in question.

On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company's app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification. "At present, a large number of end users have complained on multiple social platforms," reads a translated version of the DarkNavy blog post. "The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall."

On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo.

A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time.

On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo's app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted. On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo's source code included a "backdoor," a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will. That analysis includes links to archived versions of Pinduoduo's app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code.
Pinduoduo boasts approximately 900 million monthly active users in China. In August of last year, the Guardian published an article covering the company's plans to expand to the U.S. and take on Amazon.
Security

Hackers Drain Bitcoin ATMs of $1.5 Million By Exploiting 0-Day Bug (arstechnica.com) 112

turp182 shares a report from Ars Technica: Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can't be reversed, the kiosk manufacturer has revealed. The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren't entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable. [...] Once the malicious application executed on a server, the threat actor was able to (1) access the database, (2) read and decrypt encoded API keys needed to access funds in hot wallets and exchanges, (3) transfer funds from hot wallets to a wallet controlled by the threat actor, (4) download user names and password hashes and turn off 2FA, and (5) access terminal event logs and scan for instances where customers scanned private keys at the ATM. The sensitive data in step 5 had been logged by older versions of ATM software.

Going forward, this weekend's post said, General Bytes will no longer manage CASes on behalf of customers. That means terminal holders will have to manage the servers themselves. The company is also in the process of collecting data from customers to validate all losses related to the hack, performing an internal investigation, and cooperating with authorities in an attempt to identify the threat actor. General Bytes said the company has received "multiple security audits since 2021," and that none of them detected the vulnerability exploited. The company is now in the process of seeking further help in securing its BATMs.

Security

Explosives Replace Malware As the Scariest Thing a USB Stick May Hide (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.

According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm. On Monday, Fundamedios, an Ecuadorian nonprofit focused on media rights, put out a statement on the incidents, which saw letters accompanied by USB-stick bombs sent to two more journalists in Guayaquil and two journalists in Ecuador's capital.

Fundamedios said Alvaro Rosero, who works at the EXA FM radio station, also received an envelope with a flash drive on March 15. He gave it to a producer, who used a cable with an adapter to connect it to a computer. The radio station got lucky, though, as the flash drive didn't explode. Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said. Yet another reporter attempted to access the drive's unknown content. Milton Perez at Teleamazonas' Quito offices might have set off the USB stick's explosives if he had plugged it into the computer properly, according to Fundamedios. Police intercepted a fourth drive sent to Carlos Vera in Guayaquil and performed a "controlled detonation" on one sent to Mauricio Ayora at TC Television, also in Guayaquil, BBC reported.
It's unclear what the motive is behind the exploding drives. Ecuador Interior Minister Juana Zapata confirmed that all five cases used the same type of USB device and said the incidents send "an absolutely clear message to silence journalists," per AFP.

In a statement cited by BBC, the Ecuadorian government said, "Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigor of justice."
Security

New Victims Come Forward After Mass-Ransomware Attack (techcrunch.com) 13

The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. From the report: Canadian financing giant Investissement Quebec confirmed to TechCrunch that "some employee personal information" was recently stolen by a ransomware group that claimed to have breached dozens of other companies. Spokesperson Isabelle Fontaine said the incident occurred at Fortra, previously known as HelpSystems, which develops the vulnerable GoAnywhere file transfer tool. Hitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but said the incident happened at Fortra.

Over the past few days, the Russia-linked Clop gang has added several other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid. TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best. Since the attack in late January or early February -- the exact date is not known -- Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization's network that allows companies to securely transfer huge sets of data and other large files.

Technology

Amazon-owned DPReview Shutting Down (dpreview.com) 82

Photography and camera gear review site DPReview, writing in a blog post: After nearly 25 years of operation, DPReview will be closing in the near future. This difficult decision is part of the annual operating plan review that our parent company shared earlier this year. The site will remain active until April 10, and the editorial team is still working on reviews and looking forward to delivering some of our best-ever content. Everyone on our staff was a reader and fan of DPReview before working here, and we're grateful for the communities that formed around the site. Thank you for your support over the years, and we hope you'll join us in the coming weeks as we celebrate this journey.
Microsoft

Microsoft Brings OpenAI's DALL-E Image Creator To the New Bing (techcrunch.com) 28

Microsoft today announced that its new AI-enabled Bing will now allow users to generate images with Bing Chat. From a report: This new feature is powered by DALL-E, OpenAI's generative image generator. The company didn't say which version of DALL-E it is using here, except for saying that it is using the "very latest DALL-E models." Dubbed the "Bing Image Creator," this new capability is now (slowly) rolling out to users in the Bing preview and will only be available through Bing's Creative Mode. It'll come to Bing's Balanced and Precise modes in the future.

The new image generator will also be available in the Edge sidebar. The right prompts will generate the now-familiar square of four high-res DALL-E images. There's one major difference, though: there will be a small Bing logo in the bottom left corner. The early Bing AI release was missing a few guardrails, but Microsoft quickly fixed those. The company is clearly hoping to avoid these issues with this release.

Social Networks

BBC Advises Staff To Delete TikTok From Work Phones (bbc.com) 54

The BBC has advised staff to delete TikTok from corporate phones because of privacy and security fears. From a report: The BBC seems to be the first UK media organisation to issue the guidance - and only the second in the world after Denmark's public service broadcaster. The BBC said it would continue to use the platform for editorial and marketing purposes for now. [...] The big fear is that data harvested by the platform from corporate phones could be shared with the Chinese government by TikTok's parent company ByteDance, because its headquarters are in Beijing.

In an email to staff on Sunday, it said: "The decision is based on concerns raised by government authorities worldwide regarding data privacy and security. If the device is a BBC corporate device, and you do not need TikTok for business reasons, TikTok should be deleted from the BBC corporate mobile device." Staff with the app on a personal phone that they also use for work have been asked to contact the corporation's Information Security team for further discussions, while it reviews concerns around TikTok.
Dominic Ponsford, editor-in-chief of journalism industry trade publication the Press Gazette, said it would be interesting to see what other media organizations decide to do. He told the BBC: "I suspect everyone's chief technical officer will be looking at this very closely. Until now, news organizations have been very keen to use TikTok, because it's been one of the fastest-growing social media platforms for news publishers over the last year, and it's been a good source of audience and traffic. So most of the talk in the news media has been around encouraging TikTok rather than banning it."
Bug

Google Pixel Bug Lets You 'Uncrop' the Last Four Years of Screenshots (arstechnica.com) 29

An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data.
While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."
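To make the file-level mechanics concrete, here is an added Python example (not code from Ars Technica, from Aarons or Buchanan's write-up, or from the acropalypse.app tool): it walks the PNG chunk list, measures how many bytes follow the IEND chunk, and flags the tell-tale signature of an overwrite without truncation, namely a second IEND at the very end of the file. The sample images are constructed inline. Actually recovering the hidden pixels, which is what the proof-of-concept does, additionally requires resynchronising the partial zlib stream in the tail; that step is not shown here.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


IEND_CHUNK = make_chunk(b"IEND", b"")


def iter_chunks(data: bytes):
    """Walk the chunk list from the signature; yield (type, start, end, crc_ok).
    Stops after the first IEND, which is where a decoder stops reading."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length  # length field + type + payload + CRC
        if end > len(data):
            raise ValueError("truncated %r chunk" % ctype)
        (crc_stored,) = struct.unpack(">I", data[end - 4:end])
        crc_ok = (zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF) == crc_stored
        yield ctype, pos, end, crc_ok
        if ctype == b"IEND":
            return
        pos = end
    raise ValueError("no IEND chunk")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after the first IEND chunk; a clean PNG returns 0."""
    for ctype, _, end, _ in iter_chunks(data):
        if ctype == b"IEND":
            return len(data) - end
    return 0  # not reached: iter_chunks raises when IEND is missing


def looks_acropalypsed(data: bytes) -> bool:
    """Heuristic for the Markup bug: trailing data that itself ends with an IEND,
    i.e. a smaller image written over a larger one without truncating the file."""
    return trailing_bytes(data) > 0 and data.endswith(IEND_CHUNK)


def build_png(width: int, height: int, rgb_rows: bytes) -> bytes:
    """Minimal valid 8-bit RGB PNG: signature, IHDR, one IDAT, IEND."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(rgb_rows)) + IEND_CHUNK)


def _rows(width: int, height: int) -> bytes:
    """Filter byte 0 plus RGB samples per row; the gradient compresses poorly,
    so the 'original' is clearly larger than the 'crop'."""
    return b"".join(
        b"\x00" + bytes(((x * 3 + c) * 17 + y * 29) % 256
                        for x in range(width) for c in range(3))
        for y in range(height))


# Constructed sample, not a real Pixel screenshot: a 16x16 "original" and a 1x1
# "crop" that was written over the front of the same file without truncation.
ORIGINAL = build_png(16, 16, _rows(16, 16))
CROPPED = build_png(1, 1, _rows(1, 1))
EDITED_ON_DISK = CROPPED + ORIGINAL[len(CROPPED):]

if __name__ == "__main__":
    for name, png in (("original", ORIGINAL), ("edited", EDITED_ON_DISK)):
        print(name, "trailing bytes:", trailing_bytes(png),
              "acropalypse signature:", looks_acropalypsed(png))
```

Running `trailing_bytes` over a folder of exported screenshots is a quick triage: any PNG with a non-zero result carries bytes no viewer displays, whatever their origin, and a file that also passes `looks_acropalypsed` matches the pattern described above.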
IT

What's Different About These Tech Industry Layoffs? (stackoverflow.blog) 160

"According to one count, more than 280,000 people were laid off from tech jobs in 2022 and the first two months of 2023," notes a new blog post at Stack Overflow.

But then it asks the question: "What's different about these layoffs?" [T]he current economy has less in common than you might think with the wreckage of the dot-com bubble or the Great Recession. Overall, it's still a good time to work in tech, and the hiring market remains robust: One survey found that almost 80% of people laid off in tech found new roles within three months of launching their job search. There are more open tech positions than people to fill them (about 375,000, according to one estimate), and job listings between January and October 2022 were up 25% over the same period in 2021.

If the job market isn't as dire as we think, why does this round of layoffs feel so widespread, affecting companies often perceived as more recession-proof than their peers? Part of the answer may be what organizational behavior experts have termed "copycat layoffs." "Laying off employees turns out to be infectious," writes Annie Lowrey in The Atlantic. "When executives see their corporate competitors letting go of workers, they seize what they see as an opportunity to reduce their workforce, rather than having no choice but to do so...."

In many cases, workers laid off by household-name tech companies have found new jobs outside the traditional parameters of the tech industry, where their skill sets are in high demand. As Matt McLarty, global field chief technology officer for MuleSoft, told CNBC, businesses that have long needed tech professionals to upgrade their stack or guide a long-delayed cloud migration can now scoop up freshly laid-off tech workers (and those for whom Silicon Valley has lost its luster). Companies in energy and climate technology, healthcare, retail, finance, agriculture, and more are hiring tech pros at a steady clip, even if FAANG companies are less bullish. It's been said before that every company is a tech company, but in 2023, that's truer than ever. In fact, the biggest difference for tech workers this year, reports The New Stack, is that "the greatest opportunities may not lie exclusively in the FAANG companies anymore, but in more traditional industries that are upgrading their legacy stacks and embracing cloud native." Some of those opportunities also lie with startups, including ones helmed by Big Tech veterans ready to turn their layoffs into lemonade....

So whether you've been affected by the recent spate of layoffs or not, it's worth expanding your list of potential employers to include companies — even industries — you've never considered. You might find that they're thrilled to have you.

Hardware

Ask Slashdot: When Should You Call Hardware a 'SoC'? (wikipedia.org) 140

Slashdot reader Prahjister knows what a system on a chip is. But that's part of the problem: I recently started hearing the term SoC at work when referring to digital signage hardware. This has really triggered me.... It is like when I heard people refer to a PC as a CPU.

I tried to speak to my colleagues and dissuade them from using this term in this manner with no luck. Am I wrong trying to dissuade them for this?

Maybe another question would be: Are there technical malapropisms that drive you crazy? Share your own thoughts and experiences in the comments.

And when should you call hardware a 'SoC'?
IT

SVB Employees Blame Remote Work For Bank Failure (axios.com) 233

Long-time Slashdot reader BonThomme shared this article from Axios: In a story in the Financial Times out Thursday, current and former Silicon Valley Bank employees cited the bank's commitment to remote work as one reason for its failure....

The banking industry has led the return to office charge for a while, and SVB was an outlier in its commitment to something different. The company's career site touted its flexible culture. "If our time working remotely has taught us anything, it's that we can trust our employees to be productive from wherever they work," the site says. The executive team at SVB was spread out around the country, with CEO Greg Becker at times working from Hawaii, according to the FT.

Yet, SVB included remote work as a risk to its business in its 2022 annual report — in part because of the IT issues posed when employees are dispersed around the country, but also for productivity reasons.

The FDIC, which now runs the bank, told staff they could continue working remotely — except essential workers and branch employees, per Reuters.

Axios ultimately blames SVB's run 11 days ago on its panic-inciting public communications about needing to raise capital, combined with its oddly high concentration of tech clients and a portfolio of long-term U.S. treasuries as interest rates rose. "It's certainly possible that if more executives were working in closer proximity those missteps would've been avoided. But it's hard to really know." Yet they warn workplace policies could change simply because the Financial Times ran a piece blaming remote work.

"Companies looking for a reason to bring workers back to the office may find it in this piece."
Crime

Dark Web 'BreachForums' Operator Charged With Computer Crime (bloomberg.com) 16

An anonymous reader quotes a report from Bloomberg: Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site "BreachForums" under the name "Pompompurin." Conor Brian Fitzpatrick was arrested by a team of investigators at his home around 4:30 p.m. Wednesday, an FBI agent said in a sworn statement filed in court the next day. Fitzpatrick is charged with a single count of conspiracy to commit access device fraud.

BreachForums hosted the stolen databases of almost 1,000 companies and websites. The databases often include personal information, such as names, emails and passwords. The information is offered for sale by users of the site and can be used for fraud. Pompompurin's profile on BreachForums describes him as "Bossman" and pictures the Sanrio Co. cartoon dog whose name he used as an online alias. The profile shows Fitzpatrick's most recent visit to the site was Wednesday at 3:53 p.m., shortly before his arrest. The FBI agent, who led the other agents in the arrest, said Fitzpatrick admitted he had used the alias "Pompompurin" and was the owner and operator of BreachForums.

In November 2021, Pompompurin claimed responsibility for sending out fake emails that originated from an "fbi.gov" email address. Pompompurin claimed responsibility for the breach in an interview with Brian Krebs. Details of the charges, filed in federal court in Alexandria, Virginia, have not been made public. A spokeswoman for the US Attorney in Alexandria didn't return phone and email messages seeking comment. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents. Fitzpatrick is required to avoid any contact with co-defendants, co-conspirators and witnesses in the case. He's due to appear in court in Alexandria on March 24.

AI

AI Fools Voice Recognition Used To Verify Identity By Australian Tax Office (theguardian.com) 14

A voiceprint program used by millions of Australians to access data held by government agencies can be fooled by an AI-generated voice, reports the Guardian. From the report: Centrelink and the Australian Taxation Office (ATO) both give people the option of using a "voiceprint", along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts. Using just four minutes of audio, a Guardian Australia journalist was able to generate a clone of their own voice and was then able to use this, combined with their customer reference number, to gain access to their own Centrelink self-service account.

Anyone trying to use voiceprint also needs to know the account-holder's customer reference number, which is not normally publicly available, but the number is not treated as securely as a password and is included in correspondence from Centrelink and other service providers, such as childcare centers. The self-service phone system allows people to access sensitive material such as information on their payment of benefits and to request documents to be sent by mail, including replacement concession or healthcare cards.
Services Australia declined to say if the voiceprint technology would be changed or removed from Centrelink.
The Courts

Cancer Patient Sues Hospital After Ransomware Gang Leaks Her Nude Medical Photos (theregister.com) 85

An anonymous reader quotes a report from The Register: A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak. The proposed class-action lawsuit stems from a February intrusion during which malware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online. The Pennsylvania health care group, one of the largest in the US state, oversees 13 hospitals, 28 health centers, and dozens of other physicians' clinics, pharmacies, rehab centers, imaging and lab services. LVHN refused to pay the ransom, and earlier this month BlackCat started leaking patient info, including images of at least two breast cancer patients, naked from the waist up.

According to the lawsuit [PDF] filed this week, here's how one of the patients, identified as "Jane Doe" found out about the data breach -- and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers' leak site. "Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring," the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.

According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. "Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach," the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients' sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the "hundreds, if not thousands."
