From Hunton Andrews Kurth: On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates. Read more…
Month: June 2019
FL: ‘Triple Threat’ Ransomware Attack Cripples Email Systems and Services of Lake City
Cyware reports: The Lake City Police Department is investigating a ransomware attack on their city network systems that resulted in the shutdown of several emergency services. The ransomware used in the attack has been detected as ‘Triple Threat’. What happened? In a breach notification, the Lake City police have revealed that the attack occurred on…
FIN8 hackers return after two years with attacks against hospitality sector
Catalin Cimpanu reports that researchers claim to have spotted evidence of ongoing and increasing FIN8 activity: But in a report published today, cyber-security firm Morphisec said it detected and stopped new FIN8 attacks aimed at companies in the hospitality industry. These new attacks leveraged the same malware the group had used in the past but…
Project Svalbard: The Future of Have I Been Pwned
Troy Hunt writes that it’s time for HIBP to grow up.
UK: TalkTalk hacker Daniel Kelley sentenced to 4 years in jail
From the Crown Prosecution Service: A blackmailing hacker behind the TalkTalk cyber-attack – which cost the company £77million after the personal details of 157,000 customers were stolen – has today (10 June) been sentenced. Daniel Kelley, 22, admitted targeting at least six organisations by threatening to sell their hacked data on the ‘dark web’ unless…
KY: Hopkins County school system dealing with data breach
Rachel Smith reports: Parents of Hopkins County schoolchildren were greeted with a message from the school board Thursday morning alerting them of a data security breach. Because of a school board staff member’s password-protected account being compromised, a currently unidentified user had access to a countywide database, which contains the names, dates of birth and…