Seen at the European Data Protection Board, a decision from the Polish S.A.: Background information Date of final decision: 19 January 2022 Cross-border case or national case: National Case. Controller: Fortum Marketing and Sales Polska S.A. Legal Reference: Integrity and confidentiality (Art. 5(1)(f)), Responsibility of the controller (Art. 24(1)), Data protection by design and by…
Category: Commentaries and Analyses
Exotic Lily is a business-like access broker for ransomware gangs
Jeff Burt reports: A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google’s Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups, which then…
Shooting the Whistleblower? Defamation Suit Claims Nuance Communications Gave False Info to FBI, SEC, Retaliated Against Whistleblower
There is an interesting lawsuit stemming from an incident that had previously been claimed to be a rogue insider’s doing. Now Marc Stolowitz, the former employee, is suing the firm, Nuance Communications, claiming that the firm falsely accused him of hacking them to cover up the fact that he was in the process of blowing…
And as the work week draws to a close… (updated)
And as this work week drew to a close, we also learned about these breaches involving patient data that were reported to HHS earlier this month: Dialyze Direct, LLC in New Jersey notified HHS that 14,203 patients were impacted by an incident they coded as a hacking/IT incident involving email. There is no statement on…
HIPAA’s Role in Setting Good Security
Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…
While questions about RaidForums remain unanswered, BreachForums opens
On February 25, popular hacking-related forum RaidForums.com (RF) appeared to have been seized. It was not the first time it had appeared to have problems, but in the past, the owner, “Omnipotent” had reappeared briefly to restore the site somewhat. Now it did not appear to be working at all and had been replaced by…