The Federal Trade Commission has finalized an order against Blackbaud Inc. settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers. In a complaint first announced in February 2024, the FTC charged that the South Carolina firm,…
Category: Commentaries and Analyses
Mosaic Mental Health notifies patients of breach
On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no further details were available at the time. On April 3, more than six months later, they sent out notification letters. Massachusetts…
UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments
Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)),…
British Library’s candid ransomware comms driven by ’emotional intelligence’
Connor Jones reports: Emotional intelligence was at the heart of the British Library’s widely hailed response to its October ransomware attack, according to CEO Roly Keating. The British Library’s (BL) ransomware attack last year was one of the most damaging in recent memory, at least in the UK. The transparency of the organization’s response over…
Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive brokers
Seen at GPDP: Telemarketing: the Privacy Guarantor sanctions Enel Energia The company had not protected its databases from access by abusive touts The Privacy Guarantor has imposed a fine of over 79 million euros on Enel Energia for serious shortcomings in the processing of personal data of numerous users in the electricity and gas sector, carried out…
‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts
Here’s your “definitely want to read this one today” piece. Zack Whittaker reports: The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets….