Matt Fisher has a post on a topic near and dear to DataBreaches’ heart: how much detail to include in a brief notification. Matt covers the minimum requirements, as mandated by HIPAA, but then starts to consider more complex situations. He writes, in part: Without being able to cover every scenario or nuance, there are…
Category: Commentaries and Analyses
Medibank defends decision to not pay hackers ransom for stolen data as it contacts 480,000 customers
Nassim Khadem and Daniel Ziffer report: Medibank’s boss says the company will begin directly communicating with nearly half a million customers whose health data is believed to have been stolen, weeks after it first became aware hackers had breached its customer database. Medibank’s chief executive David Koczkar said the company had today started communicating with…
Worok hackers hide new malware in PNGs, while ARCrypter ransomware expands reach from Latam to world
Two reports related to malware: Bill Toulas reports: A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity in early…
Surprise: Daniel Kaye, operator of The Real Deal, pleads guilty to one count, is sentenced to time served, and is released.
It seems like only weeks ago that the U.S. Attorney’s Office for the Northern District of Georgia was trumpeting the arraignment of Daniel Kaye, who had been indicted last year. Oh wait, it was only weeks ago. Kaye, also known as “Popopret,” “Bestbuy,” “TheRealDeal,” “Logger,” “David Cohen,” “Marc Chapon,” “UserL0ser,” “Spdrman,” “Dlinch Kravitz,” “Fora Ward,”…
Hong Kong regulator issues investigative report on 2021 Fotomax ransomware incident
The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong published an investigation report today concerning a ransomware attack on the database of Fotomax (F.E.) Limited. From the news release: The investigation arose from a data breach notification lodged by Fotomax with the PCPD on 1 November 2021, which reported that the…
UK: Hacked evidence and stolen data swamp English courts
Franz Wild, Ed Siddons, Simon Lock, Jonathan Calvert, and George Arbuthnott report: A multimillion-pound high court case between an authoritarian Gulf emirate and an Iranian-American businessman has revealed how hacked evidence is being used by leading law firms to advance their clients’ claims. It includes allegations that a former Metropolitan Police officer hired Indian hackers…