IC3.gov PIN 20220914-001 14 September 2022 TLP: WHITE Summary The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare…
Category: Commentaries and Analyses
OIG Warns USCIS Over Unauthorized Access to Systems and Information
Kylie Bielby reports: The Office of Inspector General (OIG) says U.S. Citizenship and Immigration Services (USCIS) did not apply the access controls needed to restrict unnecessary access to its systems, networks, and information. Access controls help to limit individuals from gaining inappropriate access to systems or data. But an OIG audit has found that USCIS…
Federal Court holds nonprofit health center is immune from data breach class action
Daniel Rockey of Bryan Cave Leighton Paisner writes: In a case of first impression, the United States District Court for the Southern District of California granted the motion of Defendant Neighborhood Healthcare seeking order compelling the United States to defend a putative class action lawsuit alleging that Neighborhood failed to ensure the confidentiality of her…
Twitter’s cybersecurity flaws pose national security risk, whistleblower tells Congress
Kelsey Reichmann reports: Cybersecurity failures at Twitter are endangering users’ data and putting national security at risk, the company’s former security chief, Peiter “Mudge” Zatko, told lawmakers at a hearing on Tuesday. Zatko appeared before the Senate Judiciary Committee to testify about allegations he made against the social media giant earlier this year. In reports…
Singapore corporations making progress in preventing cyberattacks
It was a back-handed compliment of sorts: experienced hackers telling DataBreaches that it had gotten noticeably harder for them to successfully attack big corporations in Singapore. “The most difficult country to attack now, are Singapore companies,” they told DataBreaches in a chat. “A lot has changed since 3 years ago. It is hard to even…
It’s like a veritable fire sale on Indonesians’ personal data
Indonesia’s private data protection bill cleared another hurdle and could be voted into law this week. As Bloomberg reports: Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah ($337,000) for leaking or misusing private information, according to Indonesia’s new data privacy bill set to be passed…