Here’s another breach that has not been in the headlines (or at least, not yet). On November 8, 2020, Nexelis Group discovered that their system had been encrypted by malware. According to the notification letter sent to patients in April, the information was contained on the server of a company that Nexelis recently acquired, Pacific Biomarkers….
Author: Dissent
Medtronic plc notifies patients after employee’s devices accessed by unauthorized person
It hasn’t been in the headlines — at least not yet — but Medtronic, a well-known medical device company, is notifying some customers after an incident one employee’s devices may have compromised personal or patient information. According to a notification letter, on March 12, an employee’s computer, phone, and iPad were “taken and accessed for…
WA: RX Pharmacy, LTC and RX Pharmacies notify patients after discovering hack of email accounts
KNDO and KNDU in Washington report: RX Pharmacy, LTC and RX Pharmacies says their email has been hacked after detecting suspicious activity and protected health information and/or personal information has potentially been compromised. It was discovered that a business email may have hacked on October 6, 2020. Letters have already gone out to those potentially…
Malware group leaks millions of stolen authentication cookies
Catalin Cimpanu reports: To add insult to injury, after users were infected by a malware strain that stole their passwords and personal data, the malware operators forgot to secure their backend servers, which leaked sensitive user information for hundreds of thousands of victims for more than a month. For weeks, Bob Diachenko, Cyber Threat Intelligence Director at…
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
Charlie Osborne reports: Security researchers have provided insight into how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a weeks’ worth of vital research. In a report due to be published on Thursday, Sophos described the case, in which the team was pulled in to neutralize an active cyberattack…
Privacy Updates from China: Proliferation of Sector-Specific Rules As Key Legislation Remains Pending – Part 2: Data Protection in the Financial Sector
Yan Luo, Zhijing Yu, and Vicky Liu of Covington & Burling write: In Part 1 of this blog series (see here), we discussed recent data protection developments in China’s e-commerce sector. In this post, we discuss recently issued rules aimed at improving data governance in China’s financial sector that could also have data protection implications. These…