Another week, another litigation settlement. Top Class Actions reports that UMass Memorial Health Center agreed to pay $1.2 million to resolve claims it failed to protect consumers from a hacking incident and data breach that occurred from June 24, 2020 to January 7, 2021. UMass informed consumers of the breach in October 2021. The breach…
Author: Dissent
Dallas Central Appraisal District paid $170,000 to Royal ransomware attackers
Graham Cluley reports: A Dallas state agency has admitted to paying $170,000 to hackers after it suffered a ransomware attack. The Dallas Central Appraisal District (DCAD) that determines the value of all of the county’s real and personal property for taxation purposes, publicly disclosed that it had been hacked on November 8, 2022. The agency had…
The Center for Autism and Related Disorders notifies patients after vendor’s error caused HIPAA breach
The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for…
CISA Alert (AA23-040A): #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
Hackers breach Reddit to steal source code and internal data
Lawrence Abrams reports: Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens. After…
Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements
POSTED DATE: February 09, 2023 AUTHOR: Federal Student Aid ELECTRONIC ANNOUNCEMENT ID: GENERAL-23-09 SUBJECT: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements On December 9, 2021, the Federal Trade Commission (FTC) issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act’s (GLBA) requirements for protecting the…