Amanda Audi reports: Federal government agencies were convicted for leaking data of beneficiaries of Auxilio Brasil, a flagship federal aid program now renamed as Bolsa Familia, to financial agencies offering payroll deduction loans to low-income Brazilians. Prior to elections last year, the administration of former President Jair Bolsonaro launched a program allowing people enrolled in…
Category: Breach Incidents
Massive ransomware attack on Sri Lanka’s state email domain
Sri Lanka Mirror reports: All Government offices using the “gov.lk” email domain, including the Cabinet Office, have lost data from May 17 to August 26, 2023, after a massive ransomware attack, the Information and Communication Technology Agency (ICTA) has confirmed. The virus could have affected around 5,000 email addresses, ICTA CEO Mahesh Perera said, admitting…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Minnesota Department of Employment and Economic Development: security incident may have resulted in some job seekers’ contact info being compromised
KSTP reports: The Minnesota Department of Employment and Economic Development (DEED) says it’s notified job seekers that a recent security incident may have resulted in some personal information being compromised. A DEED spokesperson says the agency recently received information about suspicious communications from one or more persons claiming to be representatives of an approved company…
Coca-Cola FEMSA victim of ransomware attack and data leak
Coca-Cola FEMSA is the bottler of Coca-Cola and its related soft drink products in much of Latin America, which makes it an important part of the Coca-Cola system. This week, a threat actor known to DataBreaches as “TheSnake” and as the person who had also hacked a Brazilian clinic, leaked some data from Coca-Cola FEMSA…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…