Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…
Category: U.S.
Morgan Stanley client accounts breached in social engineering attacks
Sergiu Gatlan reports: Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a…
Even More Patient Data May Have Been Stolen in 2021 Ransomware Attack: Scripps Health
Artie Ojeda reports: Almost one year after a devastating ransomware attack on Scripps Health, patients have received a letter advising additional personal information may have been compromised. NBC 7 obtained a copy of the letter dated March 15. It references the cyberattack that occurred between April 26, 2021, and May 1, 2021. Read more at…
Okta’s response to Lapsus$’s claimed hack has people asking, “Why didn’t you tell us in January?”
Yesterday was not a great day for Okta. Their CSO, David Bradbury, issued a statement responding to Lapsus$’s claimed hack, but his statement led to a counter-response by Lapsus$ and even more critically, perhaps, people started asking why, if Okta knew about something in January, they had not disclosed it then. First, here’s Bradbury’s statement:…
Microsoft confirms they were hacked by Lapsus$ extortion group
Lawrence Abrams reports: In a new blog post published tonight, Microsoft has confirmed that one of their employee’s accounts was compromised by Lapsus$, providing limited access to source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our…
KOAM obtains document detailing cost of City of Joplin data breach
Chris Warner reports: In July of last year, the City of Joplin had what they called a “network security incident”. It ultimately shut down city phones, online services, and someone outside managed to take files out of the city’s network. That impacted employees, as some employer-sponsored health plan files were taken, and some residents were…