NL Times reports: The ICAM Foundation filed a lawsuit against the Ministry of Public Health, Welfare, and Sport and 34 other agencies over a data breach at the GGD health services during the coronavirus pandemic. The foundation is demanding 500 euros compensation for affected people and 1,500 euros for people who can prove that their…
Author: Dissent
UK: Braintree GP surgery warns of data breach after ‘confidential’ information blows across roads
Matt Lee reports: A GP surgery has admitted to a data breach after “confidential” information was blown into the local area whilst being obtained by waste collectors. Mount Chambers Surgery in Braintree says they have reported themselves to the Information Commissioners Office (ICO) over the breach. The GP surgery, on Coggeshall Road in Braintree, looks…
So you leaked data on BreachForums, but weren’t the hacker? Can you be prosecuted for leaking?
In the wake of the arrest of “Pompompurin,” BreachForums’ self-proclaimed owner and moderator, DataBreaches has been contacted by a number of anxious folks who want to know if they are at risk of being arrested for their own actions. Obviously, DataBreaches is not a lawyer or any kind of authority and can’t provide any assurances. …
Illinois Gastroenterology Group settles class action litigation for undisclosed sum
There has been a settlement in litigation stemming from a breach previously noted on DataBreaches. Without admitting guilt or wrongdoing, Illinois Gastroenterology Group has agreed to pay an undisclosed sum to settle claims from an October 2021 data breach first disclosed in April 2022. The incident involved unnamed threat actors accessing and exfiltrating data on…
A listing about a government victim disappeared from LockBit’s site. But why? (UPDATE1)
Update of March 28: It seems LockBit re-listed WCSO last night on their leak site and has dumped data from them, although the files do not seem to be downloading at this time. When an entity has been the victim of a cyberattack, they’d be smart not to discuss the attack via their email system…
Norwegian data protection authority fines U.S. firm almost $240,000 for failure to notify within 72 hours
It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…