For a summary of basic state notification requirements that apply to entities who “own” data, download Foley & Lardner’s State Data Breach Notification Laws Chart. They write: This chart is current as of June 2, 2025, and should be used for informational purposes only because the recommended actions an entity should take if it experiences a…
WestJet investigates cyberattack disrupting internal systems
Lawrence Abrams reports: WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. “WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users,” reads a security advisory on WestJet’s site. “We have activated specialized…
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…
India: Servers of two city hospitals hacked; police register FIR
The Times of India reports: New Delhi: Delhi Police has registered an FIR after the servers of two hospitals in north Delhi, Sant Parmanand Hospital in Civil Lines and NKS Super Speciality Hospital in Gulabi Bagh, were allegedly hacked. Patient data, financial records and administrative files were accessed during the breach, which took place…
Ph: Coop Hospital confirms probe into reported cyberattack
Palawan News reports: The Palawan Medical Mission Group Multipurpose Cooperative (PMMGPMC), operator of the Coop Hospital in Puerto Princesa City, confirmed Thursday night that it is investigating a reported ransomware attack allegedly carried out by the cybercriminal group Qilin. The confirmation came in a public advisory following claims that Qilin, a ransomware-as-a-service (RaaS) operation that…
Slapped wrists for Financial Conduct Authority staff who emailed work data home
How many warnings would you give employees not to send work to their personal email accounts? And why hasn’t a government agency deployed a software solution to prevent such transmissions? Connor Jones reports: Four staffers at the UK’s Financial Conduct Authority (FCA) were let off with warnings over separate cases involving the transmission of regulator…