Press Release of November 28: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for violations of DFS’s Cybersecurity Regulation (23 NYCRR Part 500) stemming from a large-scale cybersecurity breach in May 2019. The breach…
Category: Exposure
KidSecurity’s user data compromised after app failed to set password
Paulina Okunytė reports: KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users’ private data in the hands of threat actors. With more than a million downloads on Google Play, KidSecurity provides parents with services to track their children’s location, listen to the sounds around the child…
Enterprise software provider Tmax leaks 2TB of data
Jurgita Lapienytė reports: A Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records. The 2 TB-strong Kibana dashboard has been exposed for over two years. Cybernews researchers discovered it back in January 2023, noting the set of data was first spotted in June 2021. Our team attributed the dashboard…
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the threat actors was for HSKS Greenhalgh Chartered Accountants and Business Advisors, and LockBit claimed to have exfiltrated 168 GB of files with: Employees (NIN numbers, passport scans, ID scans, Employee forms…
Does claiming you were hacked when you had really just screwed up violate the FTC Act?
On November 12, DataBreaches published an OpEd, If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures. Today, we post another example of why we need to legislate and enforce data breach notification laws that prohibit deceptive statements and mandate more disclosure when data has been leaked. This week,…
States settle with Morgan Stanley for $6.5 million over data security incidents
In addition to Florida, represented by Consumer Protection Division Multistate and Privacy Bureau Chief Patrice Malloy and Senior Assistant Attorney General Diane Oates, the following states joined the action: Connecticut, Indiana, New Jersey, New York and Vermont. To view a copy of the agreement, click here. Source: MyFloridaLegal.com