So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…
Category: Commentaries and Analyses
Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark
Maggie Bashore has an article on ransomware attacks hitting Iowa school districts over the past three years that covers a lot of issues, including the costs of cyberinsurance over time and the difficulties smaller districts may have in meeting requirements to even get a policy. She reports, in part: Fringer advises 45 school districts in…
Cyber insurers “missing” key nuances in their underwriting strategies
Bethan Moorcraft reports: Cyber insurers are hyper-focused today on best-practice risk mitigation and cybersecurity protocols. Many carriers have introduced minimum security requirements – such as enabling multi-factor authentication (MFA) for email and remote access, and possibly even using end-point detection and response (EDR) technology – before they’ll even consider writing a policy. This type of…
Cyber attacks set to become ‘uninsurable’, says Zurich chief
Ian Smith reports: The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s…
Standing to Sue: Is Theft of Drivers’ License Numbers Sufficient to Allege Imminent Threat of Future Harm?
Ryan P. Blaney, Margaret A. Dale, Nolan Goldberg, and Amy Gordon of Proskauer write: Judge Jeffrey White of the Northern District of California recently dismissed a putative class action lawsuit in which plaintiffs claimed they faced an imminent threat of future of harm in the form of identity theft and fraud because their personal information,…
Update to LastPass incident: Customers should read it
From an update from LastPass: Based on our investigation to date, we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022. While no customer data was accessed during the August 2022 incident, some source code and technical information were…