We don’t see breach notifications from k-12 districts that often, but here’s one submitted to the California Attorney General’s Office from the Mt. Diablo Unified School District: On April 27, 2017, when parents tried to access their student’s data through the HomeLink Portal, they were able to view information, as described below, of a student…
Month: May 2017
Court Applies Work Product Protection to Breach Investigation Reports
Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability: One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from…
How ECMC got hacked by cyber extortionists
Henry L. Davis provides some greater depth to the coverage of the ransomware attack on Erie County Medical Center: It was 2 a.m. Palm Sunday. Computer screens across Erie County Medical Center flashed white with bright red words: “What happened to your files?” The ransom demands began with hot pink text. “Step1: You must send us…
Tax worker fired after biggest privacy breach at Revenue Canada
Dean Beeby reports: The Canada Revenue Agency has fired an employee for the biggest single privacy breach ever detected involving confidential taxpayer accounts. The employee improperly accessed the accounts of 38 taxpayers in detail, and briefly accessed another 1,264 accounts using a search function to find surnames and postal codes. Read more on CBC.
Convicted Russian Cyber Criminal Roman Seleznev faces charges in Atlanta
May 19 – Roman Seleznev, of Vladivostok, Russia, has been arraigned on federal cyber fraud charges associated with the 2008 hack and theft of banking credentials from RBS Worldpay, a payment processing company located in Atlanta, Georgia. Seleznev was indicted by a federal grand jury on December 22, 2014. “In 2008, an American credit card processor…
Font sharing site DaFont has been hacked, exposing thousands of accounts
Zack Whittaker reports: A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts. Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name. The passwords were scrambled with the…