Orca Security, an Israeli security company offering an agent-less platform for protecting cloud-based assets, secured a $550 million extension to the Series C funding round it raised seven months ago.

The initial $210 million round brought the company’s valuation to over $1 billion, and the latest round boosts the valuation by 50% to $1.8 billion, Avi Shua, co-founder and CEO told TechCrunch.

Temasek led the round and was joined by strategic investors SAIC and Splunk Ventures. The initial C round was led by CapitalG and included Redpoint Ventures, GGV, ICONIQ Capital, Lone Pine Capital, Stripes, Adams Street Partners, Willoughby Capital and Harmony Partners.

The extension is in line with the quick rounds Orca Security racked up over the past year. The company raised a $55 million Series B round last December, which followed a $20.5 million Series A round prior to that in May.

Since the Series C earlier this year, the company was busy building a new platform that will move the security environment to the cloud in minutes instead of months, Shua said.

“It’s like an MRI for the cloud,” he added. “Once you connect to the cloud environment, you can get a comprehensive view of the risks without any friction.”

As companies have moved to digital over the past two years, organizations were pushed to deliver features and capabilities in the digital space and couldn’t wait. This led to increased adoption of the cloud and security solutions. For Orca Security, this translated into “booming” growth, Shua said. The company has more than 200 people and grew revenue by 800%.

After closing the Series C, Shua received interest from additional investors wanting to partner with the company, and some of the names stood out to him as partners that could help the company accelerate.

“Temasek is a world-known investor and with strategic partners like Splunk and SAIC, we can go further,” he added. “We were not desperate for cash, but did want to position ourselves for the growth we were experiencing.”

He intends to deploy the new funding into three areas: engineering to continue to deliver more functionality, to extend its global reach and on go-to-market.

In support of both the global growth and go-to-market, Orca Security also announced Tuesday that it hired Meghan Marks as chief marketing officer. Previously, Marks was CMO for Palo Alto Network’s Prisma Cloud business unit.

Orca Security is operating in over 15 countries today and recently launched versions of its website in German, French, Chinese and Japanese. It will expand its footprint in the U.K., where it is opening an office and R&D center in London, as well as across the EMEA and APAC regions. It plans to staff the new London office with two dozen employees by the end of the year.

Shua sees the cloud continuing to move fast, and he expects cloud security to be the next trillion-dollar market over the next five years.

“Orca Security is positioned to be a leader in the market, and we are focused on technology that no one else has,” he added. “We are living in a fragile world, and there are usually no negative aspects to cyber. If you fail, you just try again in the next few minutes, which makes it harder to control. This is the reason the cyber market is growing. What we deploy can be used to protect the environment.”

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum.

The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” The company said that its investigation will “take some time,” and no timeline was given.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said.

Vice reported this weekend that T-Mobile was investigating a possible intrusion after a seller was claiming to be in possession of millions of records. The seller told Vice that they had 100 million records on T-Mobile customers, which included customer account names, phone numbers, the IMEI numbers of phones on the account, and Social Security number and driver’s license information — details that the company often collects to verify the identities of its customers.

Vice verified a sample of the records from the seller, suggesting the data is in at least partially valid.

The forum post, which TechCrunch has seen, asks for 6 bitcoin, or about $275,000, for a 30 million subset of customers’ data. The data was allegedly obtained from a T-Mobile-run database server that was connected to the internet, according to a screenshot posted by Bleeping Computer, which also reported that the seller has the IMEI database “going back to 2004.” IMEI and ISMI numbers can be used to uniquely identify and locate a cellphone user.

An earlier post seen by TechCrunch from the same seller and using the same sample of data claimed to have 124 million records, but still did not name T-Mobile as the source of the data. The post was deleted in the past few days.

This is by our count the fifth time that T-Mobile was hacked in recent years.

In January, T-Mobile said it had a data breach that saw cybercriminals steal about 200,000 call records and other subscriber data. Last year, T-Mobile had two incidents — it admitted a breach on its email systems that saw hackers access some T-Mobile employee email accounts and access customer data; and a breach of a million prepaid customers’ personal and billing information months later. In 2018, T-Mobile said as many as two million customers may have had their personal information scraped.

You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.

Meet Tinybird, a new startup that helps developers build data products at scale without having to worry about infrastructure, query time and all those annoying issues that come up once you deal with huge data sets. The company ingests data at scale, lets you transform it using SQL and then exposes that data through API endpoints.

Over the past few years, analytics and business intelligence products have really changed the way we interact with data. Now, many big companies store data in a data warehouse or a data lake. They try to get insights from those data sets.

And yet, extracting and manipulating data can be costly and slow. It works great if you want to make a PowerPoint presentation for your quarterly results. But it doesn’t let you build modern web products and data products in general.

“What we do at Tinybird is we help developers build data products at any scale. And we’re really focused on the realtime aspect,” co-founder and CEO Jorge Gómez Sancha told me.

The team of co-founders originally met at Carto. They were already working on complex data issues. “Every year people would come with an order of magnitude more data,” Gómez Sancha said. That’s how they came up with the idea behind Tinybird.

Image Credits: Tinybird

The product can be divided into three parts. First, you connect your Tinybird account with your data sources. The company will then ingest data constantly from those data sources.

Second, you can transform that data through SQL queries. In addition to the command-line interface, you can also enter your SQL queries in a web interface, divide then into multiple steps and document everything. Every time you write a query, you can see your data filtered and sorted according to your query.

Third, you can create API endpoints based on those queries. After that, it works like a standard JSON-based API. You can use it to fetch data in your own application.

What makes Tinybird special is that it’s so fast that it feels like you’re querying your data in realtime. "Several of our customers are reading over 1.5 trillion rows on average per day via Tinybird and ingesting around 5 billion rows per day, others are making an average of 250 requests per second to our APIs querying several billion row datasets," Gómez Sancha wrote in an email.

Behind the scene, the startup uses ClickHouse. But you don’t have to worry about that as Tinybird manages all the infrastructure for you.

Right now, Tinybird has identified three promising use cases. Customers can use it to provide in-product analytics. For instance, if you operate a web hosting service and wants to give some analytics to your customers or if you manage online stores and want to surface purchasing data to your customers, Tinybird works well for that.

Some customers also use the product for operational intelligence, such as realtime dashboards that you can share internally within a company. Your teams can react more quickly and always know if everything is running fine.

You can also use Tinybird as the basis for some automation or complex event processing. For instance, you can leverage Tinybird to build a web application firewall that scans your traffic and reacts in realtime.

Tinybird has raised a $3 million seed round led by Crane.vc with several business angels also participating, such as Nat Friedman (GitHub CEO), Nicholas Dessaigne (Algolia co-founder), Guillermo Rauch (Vercel CEO), Jason Warner (GitHub CTO), Adam Gross (former Heroku CEO), Stijn Christiaens (co-founder and CTO of Collibra), Matias Woloski (co-founder and CTO of Auth0) and Carsten Thoma (Hybris co-founder).

A LabCorp shareholder has filed a lawsuit against the laboratory giant, accusing its board of concealing details of two data breaches that affected millions of patients.

The derivative suit, filed on Tuesday by shareholder Raymond Eugenio, targets the company’s leadership and board members, including its chief executive, Adam Schechter.

The first breach hit third-party billing provider AMCA in 2019, affecting 7.7 million LabCorp patients and millions more from other lab test providers, including Quest and BioReference. A second security lapse (discovered by TechCrunch earlier this year involving the exposure of thousands of patient documents) was also referenced in the suit.

At the heart of the complaint, the shareholder claims LabCorp’s “insufficient cybersecurity procedures” contributed in part to the two security incidents, and that the board fell short of its fiduciary duty by not disclosing the security incidents to shareholders. LabCorp also is accused of not informing patients and customers of the breach, and the suit claims the company did not properly inform attorney generals’ offices within the time given under state data breach notification laws.

The suit also accuses LabCorp of failing to “disclose this breach in any widely disseminated public release or SEC filing,” adding that the incidents noted in the complaint were “unlawfully concealed from LabCorp shareholders.”

LabCorp spokesperson Mike Geller said the lawsuit “will be vigorously defended.”

News of the suit was first reported by Bloomberg Law. You can read the complaint here.

Amazon has fired a number of employees after they shared customer email address and phone numbers with a third-party “in violation of our policies.”

The email to customers sent Friday afternoon, seen by TechCrunch, said an employee was “terminated” for sharing the data, and that the company is supporting law enforcement in their prosecution.

Amazon confirmed the incident in an email to TechCrunch. A spokesperson said a number of employees were fired. But little else is known about the employees, when the information was shared and with whom, and how many customers are affected.

“No other information related to your account was shared. This is not a result of anything you have done, and there is no need for you to take any action,” the email read to customers.

An email to Amazon customers, saying an employee was fired. Amazon said multiple employees were fired.

It’s not the first time it has happened. Amazon was just as vague about a similar breach of email addresses last year, in which Amazon declined to comment further.

In a separate incident, Amazon said this week that it fired four employees at Ring, one of the retail giant’s smart camera and door bell subsidiaries. Ring said it fired the employees for improperly viewing video footage from customer cameras.

Updated headline to clarify that an unknown number of employees were fired.

Away co-founder Steph Korey, the one who stepped down as CEO following reports of her role in creating a toxic culture, is back at the helm of the luggage startup, The New York Times reports.

The original plan was for Lululemon COO Stuart Haselden to take over today and, in a way, he will. Though, Haselden will now be co-CEO along with Korey. In an interview with the NYT, Korey said the board changed its mind after realizing it wasn’t the right move.

This all comes after The Verge’s explosive investigation into Away’s toxic workplace. Since then, the company has hired a lawyer, Elizabeth M. Locke, though has not filed a lawsuit. If Locke’s name sounds familiar, it may be because she’s the one who successfully sued Rolling Stone for defamation regarding an alleged gang rape at the University of Virginia.

“Steph Korey responding to our reporting by saying her behavior and comments were ‘wrong, plain and simple’ and then choosing to step down as CEO speaks for itself,” The Verge editor-in-chief Nilay Patel said in a statement to the NYT.

Following The Verge’s story, which described a workplace where Korey was known for berating employees via Slack, Korey tweeted last month that she was “making things right” at the company.

“I’m not proud of my behavior in those moments, and I’m sincerely sorry for what I said and how I said it,” she tweeted. “It was wrong, plain and simple.”

She added that she had also been working with an executive coach since those incidents the report highlighted. According to The Wall Street Journal, Away had been looking for Korey’s replacement since the spring.

In a Slack note sent to employees today, Korey said what happened in December created a lot of confusion, and more questions than answers. She added that it “unleashed a social media mob — not just on me, but also on many of you.”

At this point, Away’s plan is to consider legal action against The Verge and try to improve lines of communication within the company.