Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
Author: Dissent
BlackCat continues attempting to extort healthcare entities
BlackCat has been busy and continues to attack the healthcare sector here and abroad. Visitors to their leak site this week saw listings for: Coachella Valley Collection Service, a service that provides debt collection services, including “medical, retail, commercial, judgment, and check debt collection.” BlackCat (aka AlphV) claims to have acquired 575 GB of data including…
Paying the ransom: Hospitals face hard choices in cyberattacks | Special Report
Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom if a healthcare entity is the victim of a cyberattack. As experts comment, while most experts and law enforcement prefer victims not pay ransom, sometimes entities decide they need to do it. But what are they paying it…
I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.
On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…
Wells Notice Against SolarWinds CISO Could Be First of Its Kind
Com Sivesind writes: SolarWinds Corporation, which suffered a major breach of its Orion software platform in December 2020, submitted a U.S. Securities and Exchange Commission (SEC) filing on June 23rd, saying the enforcement staff of the SEC provided the company with a Wells Notice related to its investigation into the cyber incident. A Wells Notice is a…
Breach of the Protection Obligation by Fullerton Healthcare and Agape CP Holdings
From the Privacy and Data Protection Commission of Singapore, there’s an update to a breach that was previously disclosed in October 2021: A financial penalty of $58,000 and $10,000 was imposed on Fullerton Healthcare and Agape CP Holdings respectively for failing to put in place reasonable security arrangements to protect personal data belonging to Fullerton…