The NYS Comptroller released another school district IT audit this week. I’ve been publishing these audit reports for a number of years now because they pretty much all show significant data security failures in protecting student and/or employee personal and sensitive information or assets. Sackets Harbor Central School District is a small school district. It…
Category: Commentaries and Analyses
UK: Students got £140,000 from University of East Anglia for private data leak
Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
Maze Team updates its site, dumps more victims’ data
The Maze Team attackers continue to announce more of their ransomware victims that have not complied with their ransom demands, and they continue to dump data from those who do not pay them. When I checked their site again today, I noticed that they had announced that they have dumped all their files on the…
The average ransom demand for a REvil ransomware infection is a whopping $260,000
Catalin Cimpanu reports: ... in a report published today and shared with ZDNet, the security team at KPN, a Dutch telecommunications provider, said it was able to sinkhole and intercept the communications between REvil-infected computers and the REvil ransomware’s command-and-control (C&C) servers. KPN researchers say this allowed them to obtain unique insights into the operations of the…
Georgia’s state agencies nearly recovered from last July’s Ryuk attack
Maggie Lee reports: About six months later and $750,000 poorer, Georgia is nearly back to normal after online attacks that blocked law enforcement officers and the public from accessing electronic records used to settle legal questions. But the money went to pay cyberattack insurance deductibles, not ransoms. Read more on Georgia Recorder.
PIH Health notifies almost 200,000 patients whose protected health information was sitting in employee email accounts that were compromised
Posted by PIH Health on their website on January 10, 2020: Notification of Data Security Incident January 10, 2020 – PIH Health has become aware of a data security incident that may have impacted personal information and protected health information belonging to certain current and former patients. On January 10, 2020, PIH Health notified potentially…