Jane Wester reports: U.S. District Judge Nelson Román of the Southern District of New York on Monday dismissed a proposed class action lawsuit against Ally Financial, finding that the plaintiff failed to establish the injury suffered by a data breach incident. Named plaintiff David De Medicis sued the bank in 2021, arguing that the security…
Category: U.S.
Utah Enacts Amendments to State Breach Notification Law
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance…
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations. OFAC is also designating Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ,for…
Commonwealth Healthcare Corporation breached, patient data involved
A new leaksite appeared this past week that appears to have been created for one particular incident. The notice begins: Dear Visitor of Commonwealth Healthcare Corporation LEAK website: We regret to inform you that Commonwealth Healthcare Corporation has experienced a complete data breach from its internal servers. This includes the data of all patients, medical…
OK: Emergency Medical Services Authority notifies patients of hacking incident
Terré Gables of KFOR reports: Emergency Medical Services Authority (“EMSA”) says, it has identified suspicious activity in its IT network and is mailing letters to patients whose information may have been involved. According to EMSA, on February 13, 2024, EMSA identified suspicious activity in its IT network. EMSA immediately initiated its incident response protocols, which involved…
American Renal Associates patients affected by ransomware attack
Marco A. De Felice reports: The American Renal Associates (now known as Innovative Renal Care), with over 230 locations across the United States, has become the latest victim in the clinical-hospital sector of a ransomware attack. Recently, the Medusa group has made thousands of PHI and PII data stolen from the company’s servers on March 2nd publicly available on…