KSTP reports: St. Paul Public Schools notified families and staff last week of a “data security incident” last winter that may have exposed students’ names and email addresses. In a letter sent out on Friday, the district said it became aware of the issue in February and flagged the FBI, Minnesota IT Services and the…
Category: Hack
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the details,…
Massive ransomware attack on Sri Lanka’s state email domain
Sri Lanka Mirror reports: All Government offices using the “gov.lk” email domain, including the Cabinet Office, have lost data from May 17 to August 26, 2023, after a massive ransomware attack, the Information and Communication Technology Agency (ICTA) has confirmed. The virus could have affected around 5,000 email addresses, ICTA CEO Mahesh Perera said, admitting…
Russian man with Kremlin ties gets 9 years in US prison for hacking and insider trading scheme
Alanna Durkin Richer reports: A wealthy Russian businessman with ties to the Kremlin was sentenced Thursday to nine years in prison for his role in a nearly $100 million stock market cheating scheme that relied on secret earnings information stolen through the hacking of U.S. computer networks. Vladislav Klyushin, who ran a Moscow-based information technology company that…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Court certifies class action lawsuit against federal government over 2020 Canada Revenue Agency cyberattack
Mitchell Consky reports: The Federal Court of Canada has certified a class action lawsuit against the federal government, which alleges negligence in “safeguarding the confidential information of Canadians, leading to widespread privacy breaches.” The suit follows cyberattacks that targeted Canada Revenue Agency accounts and other government services back in 2020. Read more at CTV News.