22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…
Category: Commentaries and Analyses
Episcopal Retirement Services suffered two ransomware attacks in a one-month period
It’s bad enough experiencing one ransomware attack. Imagine experiencing two, because that’s what Episcopal Retirement Services (ERS) in Ohio has been dealing with. On or about September 24, ERS discovered that i had been the victim of what it describes as a cyberattack that impacted its systems and servers. Then on October 22, they experienced…
Six million Sky routers exposed to takeover attacks for 17 months
Bill Toulas reports: Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. The disclosed vulnerability is a DNS rebinding flaw that threat actors could easily exploit if the user had not changed the default admin password, or a threat…
[Conti] Ransomware Group In-Depth Analysis
PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on the inner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets, how many…
Number of cyber-attacks infiltrating critical New Zealand networks soars
Adam Bannister reports: New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations. More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November…
Complaining about Canada’s alleged failure to extradite someone makes no sense when there’s no request to extradite
Yesterday, DataBreaches.net reported on a hoax email sent from a government system by an individual who calls himself “Pompompurin” on Twitter (@Pompompur_in). Pompompurin had immediately claimed responsibility for the incident and gave out interviews left and right. Despite Pompompurin taking responsibility for the hoax email, Vinny Troia of NightLion Security and ShadowByte immediately claimed that…