Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained nearly 1.3 million records, which included COVID-19 testing information and personally identifiable information such as the patient’s name, date of birth, and passport number. Jeremiah Fowler writes: The publicly exposed database contained an estimated 1.3 million records that included 118,441…
Category: Non-U.S.
Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…
Federal government slaps targeted sanctions on Russian cybercriminal behind 2022 Medibank Private cyber attack
Heloise Vyas reports: The Australian government have cracked down on a Russian cybercriminal believed to behind a Medibank Private breach in 2022 which marked the “single most devastating attack” in the country’s history. In a joint press conference with the Foreign Affairs Minister, Deputy Prime Minister, and Cyber Security Minister, the Commonwealth declared it would,…
UPDATE: Ransomware attack affecting Tietoevry’s services for some customers in Sweden
21 January 2024 [UPDATED: 10:45 CET, January 21] One of Tietoevry’s several datacenters in Sweden was partially subject to a ransomware attack during the night of Jan 19-20. While overall recovery has progressed, services for the customers in scope remain impacted. The attack was limited to one part of one of our Swedish datacenters, impacting…
UK: Coventry school reprimanded for data breach after IT system ‘hacked three times’
Claire Harrison reports: A Coventry school has been reprimanded for data breaches after its IT system was ‘hacked three times’. In doing so, the Information Commissioners Office has said that Finham Park Multi Academy Trust did not have adequate account lockout or password policies in place.. The ICO said, in a report, that an unauthorised third party…
German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @[email protected] German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL…