CBC reports: An Ottawa man convicted on charges related to a ransomware attack affecting hundreds of victims was sentenced to two years behind bars on Friday. Matthew Philbert, 33, was arrested by the Ontario Provincial Police (OPP) in late 2021 following a lengthy investigation that also involved the RCMP, the FBI and Europol. Philbert was accused of co-ordinating…
Category: Non-U.S.
UK: South Tees Hospitals NHS Foundation Trust reprimanded for “serious, harmful” data breach
The Information Commissioner’s Office (ICO) has today announced it has reprimanded South Tees Hospitals NHS Foundation Trust for a data breach which resulted in a disclosure containing sensitive information to a unauthorised family member. In November 2022, a Trust employee sent a standard letter to inform the father of a patient of an upcoming appointment,…
Au: St Vincent’s Health says there is ‘no evidence’ sensitive personal information was stolen by hackers in cyber attack
Bryant Hevesi reports: St Vincent’s Health has declared that no evidence has been uncovered that sensitive personal information was stolen by hackers last month. The healthcare provider, which operates 10 hospitals and 26 aged-care facilities across New South Wales, Queensland and Victoria, was left scrambling to identify what data had been accessed from its network…
University of Twente Maps Decision-Making Process for Ransomware Victims
The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
COVID Test Data Breach: 1.3 Million Patient Records Exposed Online
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained nearly 1.3 million records, which included COVID-19 testing information and personally identifiable information such as the patient’s name, date of birth, and passport number. Jeremiah Fowler writes: The publicly exposed database contained an estimated 1.3 million records that included 118,441…
Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…