Shaker Heights City School District in Ohio has notified the Maine Attorney General’s Office and the Montana Attorney General’s Office of a data security incident. The incident was discovered on January 30, 2022, but the investigation revealed that it had begun as early as September 1, 2021. Data were exfiltrated as part of the incident….
Category: Hack
How to Fight Foreign Hackers With Civil Litigation
Kellen Dwyer, Kim Peretti, and Emily Skahill of Alston & Bird write: The Department of Justice dealt a blow to global cybercrime on April 6 with the takedown of a massive botnet controlled by “Sandworm”—the Russian General Staff Main Intelligence Directorate (GRU) unit responsible for the 2017 NotPetya attack, among others. This operation reflects the…
IN: Schneck Medical Center notifying patients about data security incident
Schneck Medical Center announced Friday that it was notifying “a limited number” of patients of a data security incident that resulted in the access and exfiltration of some files containing protected health information (PHI). They do not indicate how many patients are being notified and the incident does not yet appear on HHS’s public breach…
Mint gets data breach claims dismissed
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this case apart from the typical data breach case….. Fraser alleges that Mint allowed Fraser’s number to…
Parker-Hannifin discloses breach affecting employee health plan data
On March 14, Parker-Hannifin discovered unauthorized access to to their IT systems that began three days earlier. Their investigation determined some files on Parker’s IT systems had been accessed and possibly acquired by the attacker. The information involved related to current and former employees, their dependents, and members of Parker’s Group Health Plans (including health…
Law Firm Cyber Breach May Impact 23K, Including Financial Institution Client’s Customers
Justin Henry reports: The cyberattack of Philadelphia midsize law firm Stevens & Lee has grown to include 23,066 people whose personal information was potentially compromised, including customers of the firm’s financial institution clients, according to public records. The new figure, revealed in notices to authorities last month, is a sharp increase from the 344 potentially impacted individuals reported by…