Lawrence Abrams; Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics. Read more at BleepingComputer. Interestingly,…
Author: Dissent
Family Practice Center discloses a breach from October 2021
DataBreaches really and truly does not understand how entities can take so long to investigate some breaches before disclosing them. If HHS feels that seven months from the first detection of an attack to notification is reasonable or acceptable, then let it change the regulations. If it is not acceptable and HHS wants entities to…
Associated Eye Care Partners, LLC discloses vendor breach. Can you guess which vendor?
One of the breach notices that showed up in routine searches this morning was from Associated Eye Care Partners, LLC (“AEC”). The first sentence of the notification letter was: We are contacting you to inform you of a data incident experienced by a third-party vendor for Associated Eye Care Partners, LLC (“AEC”). My mind…
Bits ‘n pieces, Saturday edition
The following are four more incident reports DataBreaches has noted. It is not yet clear whether some of them involve patient data or not. CAROLINA BEHAVIORAL HEALTH ALLIANCE in North Carolina has been notifying law enforcement, state regulators, and patients about a ransomware attack they detected on March 20, the day after it began. Covered…
Health Aid of Ohio settles class action lawsuit stemming from 2021 ransomware attack
There’s one thing I am sure of: even if I fail to cover some breaches on this site, class action lawyers will still be busy suing entities. Top Class Actions reports a settlement in a suit involving a Health Aid of Ohio breach in February of last year. Although not reported on this site at…
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
Seen on the website of the European Data Protection Board, a decision by Norway’s data protection regulator imposed a 400,000 Eur fine (NOK 4 million) on a municipality that suffered a ransomware attack. The Norwegian Supervisory Authority found that the municipality’s security for personal data was seriously flawed and inadequate. Summary of the Decision Origin…