Balaji N reports: Notorious ransomware group Brain Cipher has claimed to have breached Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant. Brain Cipher is a ransomware group that emerged in June 2024, quickly gaining notoriety for its cyberattacks on organizations worldwide. Notably, it was responsible for a significant attack on…
Category: Non-U.S.
Germany arrests suspected admin of country’s largest criminal marketplace
Daryna Antoniuk reports: German police said they have shut down the servers and arrested one of the administrators of the country’s largest German-speaking online marketplace for illegal goods and services, including stolen data, drugs and forged documents. Police said the operation on Monday seized expensive vehicles and around €1 million worth of digital assets from…
Unprecedented increase in liability for personal data leaks in the Russian Federation to take effect in May 2025
Advant Beiten writes: A law increasing administrative liability for personal data leaks was signed on 30 November 2024 (No. 420-FZ) (the “Law“). The Law will enter into force on 30 May 2025. A new article of the Criminal Code of the Russian Federation also enters into force on 11 December 2024. It establishes liability for the illegal use and/or transfer,…
Bolton Walk-In Clinic in Ontario: lock down your backup already!
DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime. Bolton Walk-In Clinic in Ontario has a data protection policy that says: We are…
PDPC: Breach of the Protection Obligation by HMI Institute of Health Science
A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute of Health Science Pte. Ltd. (the “Organisation”) is a healthcare training provider in Singapore. On 2…
Administrative fine of €330,000 issued to Polish medical company after a hacking incident
Background information Date of final decision: 20 May 2024 National case Legal Reference (s): Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 32 (Security of processing) Decision: Administrative fine, Compliance order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification number, Responsibility of the controller…