Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals
The cheekiest cybersecurity newsletter on the planet.
Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.
There are three key words for you from our ransomware roundup this week: manufacturing, governments, and NightSpire.
As we reported in our Q1 ransomware report (which dropped yesterday, in case you missed it), governments and manufacturers remain key targets for hackers. Not that anyone’s safe, mind, as the majority of industries are seeing a growth in attacks. In fact, Q1 of 2025 saw 1,000 more attacks than the same period of 2024…
Nope, sorry…that isn’t a typo. There really were a thousand more attacks in the first three months of this year when compared to last.
Let’s just let that sink in for a minute, shall we? Here to learn more about breach notifications? Scroll to the bottom!
Oh, Gooding! Another government ransomware attack (or two)...
This week, Gooding County, Idaho, started notifying people about a data breach following a ransomware attack on the county’s computer network in March 2025.
Hats off to Gooding for reporting this breach in record time… perhaps even beating its hackers to it as they remain unknown at this time (unless Gooding paid them off, that is).
In contrast, the origins of a “cyber attack” in November 2024 on North Platte Natural Resources District only just started to come to light this week after ransomware Qilin posted the agency to its data leak site.
Also quick to notify people of an attack this week was Sensata Technologies. It reported that its systems had been impacted in a ransomware incident on April 6. Operations, including shipping, receiving, manufacturing production, and various other support functions, were affected with no timeline for restoration given at the time of writing.
Sensata isn’t alone. Our Q1 report for 2025 found 451 ransomware attacks on manufacturers, 33 of which had been confirmed. Worryingly, this figure is over double what we recorded in Q1 of 2024 (201).
And with the average manufacturer losing $1.9 million per day of downtime from a ransomware attack, these figures are a heck of a lot to pack up and process.
One gang that appears to be jumping on the let’s-attack-government-agencies-and-manufacturers bandwagon (and with quite a bit of success) is the newly-formed NightSpire.
This week, three attacks via this gang were confirmed, including two manufacturers (Tanaka Electronics Taiwan Co. Ltd. and Nippon Ceramic Co., Ltd. in Japan) and Mexican government agency, Secretaría de Educación de Veracruz.
The legal repercussions of slow ransomware notification times
Companies staring down a ransomware threat are always in a difficult position. On the one hand, publicly acknowledging that there was a breach could negatively impact the business. Last year, we researched and wrote about how data breaches impact stock prices. Our findings then were fairly significant, but not long lasting:
Stocks of breached companies on average underperformed the NASDAQ by -3.2% in the six months after a breach disclosure
Stock prices bottomed out 41 business days following a breach, sinking -1.4% on average
Stock prices recovered to their pre-breach disclosure levels 53 days after a breach
The average share price of healthcare companies fell the most after a breach, followed by finance and manufacturing
Counterintuitively, breaches of highly sensitive data like Social Security numbers had less of a negative impact on share price than breaches of non-sensitive info like email addresses
Breaches impacting a larger number of records had a greater negative impact on share price than smaller breaches, but not by much
Breaches that occurred prior to 2015 had the greatest impact on share price
Which is to say, if you find yourself on the end of a breach, and you're concerned about the stock price impact that breach will have... don't. Our research shows that your stock price will recover. Reporting just creates a buying opportunity for hungry investors, if anything. "But, what about the impact it will have on current and future business?" Glad you asked. That's a much bigger concern, particularly with the cost of recovery from a data breach. Breaches bring with them notable costs to your business, such as the cost to recover from the breach, cost of website downtime (if any), reputation impacts (particularly if the breach was clearly due to your lax network security practices), or even credit rating. These are nothing to sniff at, and for a small business, it could mean the end of the line.
But there's a bigger issue to consider, and that's your legal reporting requirements. That's where things get tricky, and where your legal analysts need to put in some work after a data breach. Notification laws vary by state, revenue, and other factors. But from a high level, you should consider all of the following notification rules if you've been a victim of a breach:
State-specific notification requirements: Most U.S. states have their own breach notification laws outlining deadlines for notifying affected individuals and regulatory authorities.
Industry-specific compliance: If your business is within regulated industries (such as healthcare with HIPAA, finance with GLBA, or education under FERPA), additional stringent reporting requirements may apply. Our friends at Planet Compliance are a good resource for compliance laws.
Federal requirements: Certain breaches must also be reported to federal agencies, such as breaches involving health records to the Department of Health and Human Services (HHS), or breaches impacting national security to the Department of Homeland Security (DHS).
Law enforcement notification: In cases involving criminal activity, notifying appropriate law enforcement authorities is often required, especially to initiate investigation procedures.
Public disclosure requirements: Publicly traded companies have disclosure obligations under SEC regulations. Material breaches typically need to be publicly disclosed promptly to investors and shareholders.
Credit reporting agencies: Depending on the nature and scale of the breach, you may be required to notify major credit bureaus, especially if financial or highly sensitive personal information is involved.
Timely breach reporting is not only necessary, but morally right by the people who have been impacted. Morality aside, your company faces significant legal consequences for delaying a breach for fear of reputational or financial impact. Simply put, that notification delay probably isn't worth it. Once you know you've confirmed the breach, notify those impacted, then any other government agencies that need to know.
Until next week. Let’s keep that zero-day count hardened at zero!
Suite 3 Falcon Court Business Centre, College Road, Maidstone, Kent ME15 6TF Unsubscribe · Preferences
The cheekiest cybersecurity newsletter on the planet.
Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.