On August 6, media in Colorado reported that the City of Lafayette had paid $45,000 to get a decryption key following a ransomware attack. On August 24, the city published a notification about the incident: This public notice is intended to advise residents, employees, and customers of an incident involving a cyberattack on the City…
Category: Breach Incidents
More Canadian entities hit with ransomware
Updated August 24: The #DarkSide’s victim is Brookfield Residential. Brookfield Residential describes themselves as a North American land developer and new home builder, and the “flagship North American residential property company of Brookfield Asset Management.” On their leak site, the threat actors had linked to Brookfield.com, which is Brookfield Asset Management, but the documents dumped…
CO: Mental Health Partners discloses email hack potentially compromised employee and patient data
Mental Health Partners (also known as “Mental Health Center of Boulder County Inc.) issued a press release this week about an employee email account compromise discovered in late March. An investigation revealed that the personal information of some MHP clients and current and former employees may have been accessed or taken during the incident. The…
ZA: Social grant applications found dumped in Ndedwe
Nothando Mkhize reports that a pile of social grant applications were found on a street in Ndwedwe. The South African Post Office is investigating to see if they were stolen from a post office during a burglary last month. In a puzzlingly vague statement, a spokesperson noted that an employee has been suspended. But why?…
Ransomware – The New (Too-High) Cost of Doing Business
Gemini Advisory has released a paper that makes the point that in 2020, it may be best to view ransomware incident costs as part of the cost of doing business. And with more people working from home these days, there is an increased risk of security incidents, as threat actors may be able to relatively…
AU: HealthEngine ordered to pay $2.9m for ‘misleading conduct’
Matt Woodley reports: The settlement saw HealthEngine admit to providing non-clinical personal information – such as names, dates of birth, phone numbers and email addresses – to nine different third-party private health insurance brokers without properly informing consumers. This arrangement earned the online medical booking platform more than $1.8 million over a period of four…