Kareem Chehayeb reports: Pakistani cybersecurity researcher Etizaz Mohsin was in a hotel room in Qatar when he unexpectedly discovered a technical vulnerability in its internet system that exposed the private information of hundreds of hotels and millions of guests worldwide. […] “I found out that there is a service running rsync [file synchronization tool], which…
Author: Dissent
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…
Morgan Stanley client accounts breached in social engineering attacks
Sergiu Gatlan reports: Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a…
Data leak at Desjardins: Industry watchdog wants to ban mortgage broker
Hugo Joncas reports (machine translation follows): Mathieu Joncas, who is also a private lender, bought confidential information on “150,000 to 200,000” Desjardins customers without ensuring their consent. During the hearings, he admitted having given this information to a fellow broker in January 2017. In September 2021, the disciplinary committee of the Organisme d’autoréglementation du courtage…
Even More Patient Data May Have Been Stolen in 2021 Ransomware Attack: Scripps Health
Artie Ojeda reports: Almost one year after a devastating ransomware attack on Scripps Health, patients have received a letter advising additional personal information may have been compromised. NBC 7 obtained a copy of the letter dated March 15. It references the cyberattack that occurred between April 26, 2021, and May 1, 2021. Read more at…
Physician Sentenced to Prison for Health Care Fraud Scheme
A Florida physician was sentenced today in the Southern District of Florida to two years in prison for a health care and wire fraud scheme involving the submission of false and fraudulent claims to both Medicare and a financial services company that offered consumer loans to patients for out-of-pocket medical expenses. According to court filings…