New York Attorney General Letitia James today announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. The settlement requires the company to notify customers impacted in the attacks, reset those customers’…
Category: Commentaries and Analyses
Interim Report on the Blackbaud Breach: 3.4 Million Patients and Counting
The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some…
Researcher kept a major Bitcoin bug secret for two years to prevent attacks
Catalin Cimpanu reports: In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue. Technical details were published earlier this week after the…
Even cybersecurity companies spill data and passwords
Danny Palmer reports: The business of cybersecurity companies is to keep users safe from hackers and cyber attacks but almost all cybersecurity providers have themselves had data leaked or stolen and published on dark web forums. Research by application security company Immuniweb found that nearly all of the top cybersecurity companies have had corporate data…
Singapore Says Grab’s Fourth Privacy Breach Is Concerning
Ameya Karve and Yoolim Lee report: Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc. In August 2019, an update of Grab’s mobile application exposed the personal data of more than…
NorthShore health system reports 348,000 affected by Blackbaud breach
Ugh. I’ve been so busy adding Blackbaud incident-related reports to my worksheets that I maintain for my research with Protenus for Breach Barometer that I forgot to post some incidents here. Thankfully, a kind reader gave me a gentle poke to let you know that Lisa Schenker reported that NorthShore University HealthSystem is notifying approximately 348,000…