David Barker of Pinsent Masons writes: Many of the growing number of data protection-related claims being filed against businesses to have fallen victim to cyber attacks are being brought not just under data protection legislation but also in the alternative as claims for breach of confidence or misuse of private information. A recent ruling should…
Category: Commentaries and Analyses
U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet.
—– A DataBreaches.net report by Dissent and Chum1ng0 —– Since 2018, threat actors known as “Pysa” (for “Protect Your System Amigo”) have used mespinoza ransomware to lock up victims’ files after exfiltrating a copy of them. In early 2020, alerts about these “big-game hunters” were published by both the FBI and CNIL . Since then,…
Suspect File updates the Blackbaud incident tally for the education sector
Courtesy of Suspect File, this update to the list of educational entities impacted by the 2020 Blackbaud ransomware incident: UPDATE (5) of 31.07.2021 (June / July 2021) Total number of people involved 7,984,697 (+5,907) In the update of 07/31/2021, 3 new Institutions affected by the Blackbaud Data Breach are added. As of 30.05 2021, the…
Westfield IT director stops what appeared to be active cyber security breach after clerk-treasurer issues third-party contract
Did a city’s IT Director stop a breach in progress or did he just interrupt a forensic investigation by a firm that had been hired but never identified to his office? Anna Skinner reports on what seems to be a case of Westfield officials either not communicating well with each other, or not trusting each…
New destructive Meteor wiper malware used in Iranian railway attack
Lawrence Abrams reports: A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards…
NC: Sandhills Center remains silent after threat actors claim to have hacked them and exfiltrated 634 GB of their files
Update of September 4: Sandhills subsequently issued a press release that indicates that they could not confirm that the data came from them. See the follow-up report here. Original post: Sandhills Center in North Carolina manages public mental health, intellectual/developmental disabilities and substance use disorder services for the citizens of Anson, Guilford, Harnett, Hoke, Lee,…