Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…
Author: Dissent
AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach
Jonathan Greig reported: Telecommunications giant AT&T denied any connection to a database of stolen information that included the Social Security numbers of 23 million Americans. First reported by Brian Krebs, Milwaukee cybersecurity company Hold Security said it found a 3.6 GB file on a dark web platform that contained Social Security numbers and information belonging to…
Recent Cedar Rapids Schools letter to parents confirms ransom payment after cyberattack
KWWL reports: In a message to families and staff on Friday, the Cedar Rapids School District (CRCSD) said it paid a third-party entity in an attempt to stop vital information from being released during a recent cyber security incident. The letter sent to parents, viewable on KWWL’s site, says: As part of the process to…
Waterloo Region District School Board confirms ‘student information was accessed’ during July cyber incident
Chris Thomson reports: Waterloo Region’s public school board has confirmed that “certain student information was accessed” during a cyber incident last month. An email sent to Waterloo Region District School Board (WRDSB) students and families Friday evening stated that the board is still investigating “the full scope of the impact on student information” and will…
USAA Must Face Lawsuit Over Driver’s License Disclosures
Samantha Hawkins reports: United Services Automobile Association must face claims that it disclosed individuals’ driver’s license numbers to cybercriminals, after a federal judge in Manhattan refused to dismiss the suit. Vincent Doland and Christine Mapes sued the insurance company under the Driver’s Privacy Protection Act and New York State General Business Law, claiming that cybercriminals used…
UK: Around 5,000 Dorset hospital patient images deleted
Andrew Goldman reports: Thousands of radiology images, including breast screenings, of Dorset patients have been accidentally deleted. University Hospitals Dorset (UHD) has insisted implications to patients are “very low” after the Echo discovered approximately 5,000 health images taken during a period in 2019 were wiped during a routine archive process. Images lost include 214 clinical…