An article by William Maruca of FoxRothschild is headlined, “Ransomware Claims A Victim.” It discusses the case of Brookside ENT, whose doctors decided to shutter their practice and retire a year early after a ransomware attack that encrypted their patient data, billing information, scheduling information, and even their backups. In other words, the attacker successfully…
Month: April 2019
MN: Riverplace Counseling Center Notifies 11,639 Patients After Security Incident
From their notice: ANOKA, MINNESOTA – April 11, 2019 – Riverplace Counseling Center has become aware of a potential data security incident that may have resulted in the unauthorized access to personal information, including health information. Although at this time, there is no evidence of any attempted or actual misuse of anyone’s information as a…
Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet
Remember what I said earlier today about India being a data protection mess? Here’s another example. Mohit Kumar reports: An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on…
India: Rising Cybercrime Frontier
For the past year or more, I’ve been receiving numerous tips and notifications from trusted researchers about leaks and breaches involving entities in India. While some of the incidents involve alleged miscreants, other incidents involve human error or misconfiguration situations. But as many of us have experienced and reported, when it comes to data protection…
SEC Issues Privacy and Data Security Risk Alert
Joseph Lazzarotti of JacksonLewis writes: Following recent examinations of SEC-registered investment advisers and broker-dealers, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) published a privacy risk alert on April 16, 2019. OCIE is hoping to remind advisers and broker-dealers about providing compliant privacy and opt-out notices, and adopting and implementing effective policies and…
Source code of Iranian cyber-espionage tools leaked on Telegram
Hell hath no fury like a vengeful insider, Wednesday edition. Catalin Cimpanu reports: In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten. The hacking tools are nowhere near…