Sammy Heung reports: Hong Kong’s privacy watchdog has threatened to take legal action against a data management firm for failing to protect the credit histories of about 180,000 people from unauthorised access. The Office of the Privacy Commissioner for Personal Data on Thursday said it received a complaint in December 2021 from an individual who…
Category: Commentaries and Analyses
Infostealers: a threat that is still largely (too) stealthy
In September, Britton White and PogoWasRight.org teamed up to produce an explainer and caution about infostealers that was oriented to the public. Our article, Redline: Storing Passwords in your Browser Can Ruin Your Life (But Will Make Criminals VERY Happy!) included cautions about employees who work from home and who might have their login credentials…
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…
Two ransomware groups claimed to have attacked Albany ENT & Allergy Services and leaked data, but AENT doesn’t mention that at all in their notification?
On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…
NT Health throws breach notification obligations out the window; says patients should call them to find out if they were affected?!
According to Northern Territory Health’s website, the Australian government agency manages the Northern Territory public health system, operating across five service delivery regions, six hospitals, 74 health clinics, and seven corporate offices. “As NT Health, we work together as one system in partnership with individuals, families, the community, Aboriginal heath organisations and stakeholders to provide…
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
Sergiu Gatlan reports: A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims’ networks. “Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity,” the company said in…