Top Class Actions reports there is a settlement involving Preferred Home Care in New York. The lawsuit alleged the provider failed to protect employee and patient data from an attack in January 2021. The data breach allegedly compromised the information of 92,283 patients and employees, including sensitive health information and personal identifiers such as Social…
Author: Dissent
Oakland continues to work on recovery from ransomware attack; Play claims responsibility
As the City of Oakland continues to work to recover from a ransomware attack that began on February 8 and that resulted in the city declaring a state of emergency on February 14, the Play ransomware group has claimed responsibility for the attack. Play does not indicate how much data they acquired, but threaten to…
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…
Hackers steal gun owners’ data from firearm auction website
Lorenzo Franceschi-Bicchierai reports: Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned. The breach exposed reams of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly…
Cyber Plan Would Hold Software Makers Responsible in Hacks
Katrina Manson reports: The Biden administration is set to release an aggressive new national cybersecurity strategy on Thursday that seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with big technology companies. The 35-page strategy, shared in advance with a group…
CISA Advisory: Royal Ransomware
Release Date: March 02, 2023 Alert Code: AA23-061A SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations…