Mark Young and Aleksander Aleksiev of Covington and Burling write: Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our…
Category: Commentaries and Analyses
NYS Comptroller Audit: North Tonawanda City School District – Information Technology (2023M-102)
NYS Comptroller Thomas DiNapoli recently released an audit of the North Tonawanda City School District. Summary: Issued Date: November 03, 2023< [Read complete report – pdf] Audit Objective Determine whether North Tonawanda City School District (District) officials properly secured user account access to the network and managed user account permissions in financial and student information…
NYS Comptroller Audit: Brentwood Union Free School District – Information Technology (2023M-83)
NYS Comptroller Thomas DiNapoli recently released an audit of the Brentwood Union Free School District on Long Island. Summary: Issued Date: November 03, 2023 [Read complete report – pdf] Audit Objective Determine whether the Brentwood Union Free School District (District) Board of Education (Board) and officials ensured computerized data was safeguarded by monitoring network user…
If you’re in Rock County, Wisconsin, do NOT read this post. Absolutely do not read this post.
If you’re in Rock County, Wisconsin, it seems your Information Technology Director and Corporation Counsel do not want you to know certain things about the September ransomware attack — even though people in the rest of the country may already know what they have decided not to tell you. They didn’t even tell your own…
PA: Great Valley School District Falls Victim to Ransomware Attack
As DataBreaches noted yesterday on infosec.exchange, the Medusa ransomware gang claims to have hit Great Valley School District in Pennsylvania. They provide a filetree showing a lot of Skyward, Canvas, PowerSchool, and other internal files, as well as 20+ screencaps of student info and employee info files to support their claim. They are demanding $600k…
OAIC alleges Australian Clinical Labs hack resulted from lacklustre security measures
Daniel Croft reports: Australian Clinical Labs (ACL) parent company Medlab back in February 2022 announced that it had suffered a cyber attack at the hands of the Quantum hacking group, which stole 86 gigabytes worth of data belonging to over 200,000 people, which included health information, passport details, and credit card information (number, expiry and…