Background information Date of final decision: 20 May 2024 National case Legal Reference (s): Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 32 (Security of processing) Decision: Administrative fine, Compliance order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification number, Responsibility of the controller…
Category: Hack
Ca: LifeLab loses its last attempt to withhold data breach forensics report from public eyes
It’s been a long battle, but transparency has prevailed. LifeLabs LP v. Information and Privacy Commissioner of Ontario (IPC) stemmed from a cyberattack in 2019 that resulted in the compromise of 15 million Canadian’s data. LifeLab eventually complied with inquiries by the Privacy Commissioner, who requested that LifeLab provide its forensics report and other documents, but LifeLab…
Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
Bill Toulas reports: Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called “nearest neighbor attack.” The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range. The attack…
Tesla data breach falsely claimed by IntelBroker, third-party EV charging firm actually breached
Daniel Croft reports: The incident was claimed by CyberN—–s members IntelBroker and EnergyWeaponUser, who originally said it was a Tesla EV charging station database containing files that belonged to Tesla. However, thanks to a tipoff by researcher DarkWebInformer and IntCyberDigest, the threat actors amended the listing to say it was a “random 3rd party company…
Hackers breach Andrew Tate’s online university—obtain chat logs and leak data on 800,000 users
Mikael Thalen reports: An online course founded by far-right influencer Andrew Tate was breached by hackers, revealing the email addresses of roughly 325,000 users. The self-described online university, known as The Real World, offers users “advanced training and mentoring” for around $50 per month. Formerly known as Hustler’s University, the platform focuses on topics such…