It’s been more than a decade since DataBreaches covered any significant data breach involving the Aloha POS system, and back then it was owned by Radiant Systems. In 2011, NCR Corporation bought Aloha POS. Things were fairly quiet since then, if you don’t count NCR’s response to a zero day RCE vulnerability that NCR somewhat…
Category: Commentaries and Analyses
Lawsuit Claims Mount Nittany Health Shared Private Patient Information with Facebook, Google (update1)
Geoff Rushton reports: A lawsuit filed in Centre County Court this week alleges that Mount Nittany Health violated medical privacy rights by disclosing patients’ private information to Facebook, Google and other third-party websites without their knowledge. Ah. Another tracker lawsuit, right? What caught DataBreaches’ eye about this one was the following: … Mount Nittany has…
Patient Advances Data Breach Class Action Against Lamoille Health
Christopher Brown reports: Lamoille Health Partners Inc. must face a proposed class action alleging it negligently failed to protect the personal information of 60,000 people that was exposed in a data breach. Lamoille Health wasn’t entitled to immunity from suit under the Public Health Service Act because the lawsuit’s data breach allegations weren’t interwoven with…
Push to ban ransomware payments following Australia’s biggest cyberattack
Luke Huigsloot reports: The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, following a local business suffering a mass data breach and subsequent ransom demand. […] The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay…
Battle could be brewing over new FCC data breach reporting rules
Cynthia Brumfield reports: On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to…
Major Cyber Insurance Overhaul Begins Now
Dan Lohrmann writes: One thing is clear about cyber insurance in the spring of 2023: The status quo is not sustainable. And now, Lloyd’s of London, a major player in the global insurance market, is calling for dramatic changes in the cyber insurance market. According to The Financial Times (FT), “From next month, Lloyd’s will require the dozens…