Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Category: Breach Incidents
Minnesota Department of Employment and Economic Development: security incident may have resulted in some job seekers’ contact info being compromised
KSTP reports: The Minnesota Department of Employment and Economic Development (DEED) says it’s notified job seekers that a recent security incident may have resulted in some personal information being compromised. A DEED spokesperson says the agency recently received information about suspicious communications from one or more persons claiming to be representatives of an approved company…
Coca-Cola FEMSA victim of ransomware attack and data leak
Coca-Cola FEMSA is the bottler of Coca-Cola and its related soft drink products in much of Latin America, which makes it an important part of the Coca-Cola system. This week, a threat actor known to DataBreaches as “TheSnake” and as the person who had also hacked a Brazilian clinic, leaked some data from Coca-Cola FEMSA…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
Do IT Consultants victim of attack by Ragnar_Locker
On September 2, Ragnar_Locker added Do IT Consultants in Canada to their “Wall of Shame.” For its listing, they wrote: Due to high level negligence and careless network security of DO IT employees, has been allowed a huge leak which affected on clients of the DO IT company. No matter that they are an IT…