The Office of Inadequate Security
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….
Ryan Knappenberger reports: The U.S. Department of the Treasury said on Monday that Chinese-backed hackers had breached its workstations and gained access to unclassified documents earlier this month in what it described as a “major cybersecurity incident.” The announcement comes just over a month after the Senate Intelligence Committee revealed recent Chinese hacks into the…
Threat actors’ leak site unreachable due to DoS attack; DataBreaches given exclusive preview of leak Marc Fortier reports: The hackers behind a major cyberattack that hit the State of Rhode Island’s online system for delivering health and human service benefits have released some residents’ files to a site on the dark web, state officials announced Monday. “Unfortunately,…
Kathleen de Villa reports: The Commission on Audit (COA) has called out the National Privacy Commission (NPC) for its “inadequate” information dissemination efforts, as shown by the dismal number of data privacy officers and systems in both the government and the private sector. Despite being compulsory under the law, only 7.7 percent, or 164 of…
Chris Riotta reports: The U.S. Department of Health and Human Services is ramping up digital efforts to protect Americans in a year that’s witnessed hackers targeting sensitive patient data and major breaches at Ascension and UnitedHealth. HHS is set to unveil a notice of proposed rulemaking requiring healthcare companies to encrypt data, conduct routine compliance…