Zack Whittaker

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by e-mail at

The Latest from Zack Whittaker

Apple releases security updates for iOS, iPadOS and macOS, fixing two actively exploited zero-days

Apple has released security updates for iPhones, iPads and Macs to patch against two vulnerabilities, which the company says are being actively exploited to hack people. The technology giant rolled ou

Security flaws in court record systems used in five US states exposed sensitive legal documents

Witness lists and testimony, mental health evaluations, detailed allegations of abuse and corporate trade secrets. These are some of the sensitive legal court filings that security researcher Jason Pa

Ukraine fires top cybersecurity officials

The Ukrainian government has fired two of its most senior cybersecurity officials following accusations of alleged embezzlement. Yurii Shchyhol, head of Ukraine’s State Special Communications Se

Healthcare startups scramble to assess fallout after Postmeds data breach hits millions of patients

More than 2 million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent c

9 million patients had data stolen after US medical transcription firm hacked

Close to nine million patients had highly sensitive personal and health information stolen during a cyberattack on a U.S. medical transcription service earlier this year, representing one of the worst

US says Royal ransomware gang plans ‘Blacksuit’ rebrand

The U.S. government says Royal, one of the most active ransomware gangs in recent years, is preparing to rebrand or spin off with a new name, Blacksuit. In an update this week to a previously publishe

Healthcare giant McLaren reveals data on 2.2 million patients stolen during ransomware attack

Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang la

Maine government says data breach affects 1.3 million people

The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursda

Mr. Cooper says customer data exposed during cyberattack

Mr. Cooper, the mortgage and loan giant with more than four million customers, has confirmed customer data was compromised during a recent cyberattack. In an updated notice on its website published Th

23andMe data theft prompts DNA testing companies to switch on 2FA by default

DNA testing and genealogy companies are stepping up user account security by mandating the use of two-factor authentication, following the theft of millions of user records from DNA genetic testing gi

Online store exposed millions of Chinese citizen IDs

A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a securit

Android’s new real-time app scanning aims to combat malicious sideloaded apps

Android’s in-built security engine Google Play Protect has a new feature that conducts a real-time analysis of an Android app’s code and blocks it from installing the app if it’s con

Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage

Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company isĀ “working to resolve the issue.&#8

Lawmakers say Costco’s decision to continue selling banned China surveillance tech is ‘puzzling’

Two U.S. lawmakers have asked retail giant Costco why it continues to sell surveillance equipment made by Lorex, despite warnings of cybersecurity risks and links to human rights abuses. The bipartisa

SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack

The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about t

CCleaner says hackers stole users’ personal data during MOVEit mass-hack

The maker of the popular optimization app CCleaner has confirmed hackers stole a trove of personal information about its paid customers following a data breach in May. In an email sent to customers, G

Okta’s latest hack fallout hits Cloudflare, 1Password

Network and security giant Cloudflare and password manager maker 1Password said hackers briefly targeted their systems following a recent breach of Okta’s support unit. Both Cloudflare and 1Pass

Okta says hackers stole customer access tokens from support unit

Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that can be used to break into the networks of Okta’s customers. Okta chief s

Indian state government fixes website bug that revealed Aadhaar numbers and fingerprints

A security researcher says a bug on an Indian state government website inadvertently revealed documents containing residents’ Aadhaar numbers, identity cards and copies of their fingerprints. Th

Yepic fail: This startup promised not to make deepfakes without consent, but did anyway

U.K.-based startup Yepic AI claims to use “deepfakes for good” and promises to “never reenact someone without their consent.” But the company did exactly what it claimed it nev
Load More