An announcement from the Personal Data Protection Commission of Singapore: The PDPC has updated Guide to Managing Data Breaches 2.0 (now known as the Guide on Managing and Notifying Data Breaches under the PDPA) with details of the mandatory data breach notification requirement under the PDPA. Access the Guide here. The Guide on Active Enforcement has…
Category: Commentaries and Analyses
At-a-glance: the new UK Cyber Security Council
GRC World Forums writes: What is the new UK Cyber Security Council and what will it do? The council is a new independent body which the UK government says will “boost career opportunities and professional standards” in the cyber security sector. It is intended to be a single voice for the industry in the UK…
FBI releases annual IC3 crime report
The FBI Internet Crime Complaint Center (IC3) released its annual report. Overall, the statistics and trends are pretty much what we would have expected to see from reading the news every day. Complaints about crime increased year over year for the past 5 years, with the most significant increase in the number of reports occurring in…
Arizona Complete Health notifies plan members of Accellion breach
On February 26, Arizona Complete Health notified plan members of the Accellion breach. According to the notification (see below), the threat actors (who have since self-identified as CLOP) were able to “view or save” member information between January 7 and January 25, 2021. The types of ePHI involved included insured members’ name and one or…
Line app allowed Chinese firm to access personal user data
Catalin Cimpanu reports: In a press conference today, the Japanese government announced it was investigating the parent company behind the Line instant messaging app after a local newspaper reported that engineers at one of the app’s Chinese contractors accessed the messages and personal details of Line users. Read more on The Record.
21 months after a ransomware attack, a business associate breach first shows up on HHS’s breach tool. Here’s why.
HIPAA Journal reports on an incident that is illustrative of the challenges entities may face in the wake of a ransomware attack — determining whether a breach is a reportable incident or not. It also illustrates what may happen if an entity decides something is not a reportable breach but further investigation by the U.S….