Evan Dyer reports: The Conservative Party has written to Privacy Commissioner Philippe Dufresne asking him to speed up his investigation of a federal government data breach that exposed the identities of hundreds of Afghans seeking Canada’s help to escape from the Taliban in October 2021. Dufresne announced on November 15 of last year that his…
Category: Commentaries and Analyses
New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
Lawrence Abrams reports: A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. […] Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang…
HC3: Analyst Note: Karakurt Threat Profile
HC3: Analyst Note TLP: White Report: 202208241200 Executive Summary Karakurt ransomware group, also known as the Karakurt Team and Karakurt Lair, is a relatively new cybercrime group, with researchers reporting its first emergence in late 2021. Karakurt actors claim to steal data and then threaten to auction it off or release it to the public…
OCR Settles Case Involving Decade-Long Improper Disposal of Protected Health Information
There is an enforcement update to an incident noted on this site in 2018. The incident that involved New England Dermatology P.C., d/b/a New England Dermatology and Laser Center (“NDELC”) was summarized by HHS in their resolution agreement and corrective action plan for this case: On May 11, 2021, NEDLC filed a breach notification report…
Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
By Donie O’Sullivan, Clare Duffy and Brian Fung, CNN Business Video by John General, Zach Wasser and Logan Whiteside, CNN Business Portraits by Sarah Silbiger for CNN Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive…
Transparency #FAIL: Why won’t Anthem/Elevance Health answer a simple question about breaches?
A DataBreaches opinion piece. You might think a giant insurer like Anthem, which has experienced at least several breaches over the years — including one of the most significant breaches ever — would understand the importance of transparency by now. Apparently not. On May 24, Anthem (now known as Elevance Health) posted a notice on…