Claudia Glover reports: Save the Children appears to have been hacked by the Chinese data extortion gang BianLian, according to data posted to the latter’s victim blog. Though it does not mention the charity by name, the cybercrime organisation claims to have stolen up to 8GB of files from an international NGO “employing over 25,000…
Category: Hack
St. Paul Public Schools notifies families of data breach from February
KSTP reports: St. Paul Public Schools notified families and staff last week of a “data security incident” last winter that may have exposed students’ names and email addresses. In a letter sent out on Friday, the district said it became aware of the issue in February and flagged the FBI, Minnesota IT Services and the…
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the details,…
Massive ransomware attack on Sri Lanka’s state email domain
Sri Lanka Mirror reports: All Government offices using the “gov.lk” email domain, including the Cabinet Office, have lost data from May 17 to August 26, 2023, after a massive ransomware attack, the Information and Communication Technology Agency (ICTA) has confirmed. The virus could have affected around 5,000 email addresses, ICTA CEO Mahesh Perera said, admitting…
Russian man with Kremlin ties gets 9 years in US prison for hacking and insider trading scheme
Alanna Durkin Richer reports: A wealthy Russian businessman with ties to the Kremlin was sentenced Thursday to nine years in prison for his role in a nearly $100 million stock market cheating scheme that relied on secret earnings information stolen through the hacking of U.S. computer networks. Vladislav Klyushin, who ran a Moscow-based information technology company that…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…