Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…
Category: Breach Incidents
A guilty plea in the PowerSchool case still leaves unanswered questions
On June 6, 19-year-old Matthew D. Lane pleaded guilty in federal court in Massachusetts to one count each of conspiracy to commit cyber extortion, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The first two charges were related to an unnamed telecom company identified as “Victim 1.” The third and fourth charges…
RCMP thumb drive with informant, witness data obtained by criminals: watchdog
Jim Bronskill reports: The RCMP lost a USB key containing personal information about victims, witnesses and informants, and later learned it was being offered for sale by criminals, the federal privacy watchdog says. A detailed report from the Office of the Privacy Commissioner of Canada reveals the RCMP told the watchdog about the breach in March…
Resource: Insider Threat reports
On a daily or weekly basis, DataBreaches highlights insider wrongdoing incidents and the harm they can cause. For more comprehensive compilation and analysis of the topic, readers may be interested in the Insider Threat Incidents For May 2025 report produced by the National Insider Threat Special Interest Group and Insider Threat Defense Group. Their previous…
Data breach of patient info ends in firing of Miami hospital employee
Michelle Marchante provides today’s reminder of the insider threat: More than 2,000 patients at Jackson Health System had their personal data, including names, address and medical information, accessed in a lengthy breach that spanned nearly five years. The data breach was conducted by a Jackson employee who accessed the information to promote a personal healthcare…
CISA Alert: Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June…