Charles S. Morgan, Ellen Yifan Chen, and Philippe April of McCarthy Tétrault LLP write: The Act to Modernize Legislative Provisions respecting the Protection of Personal Information (“Bill 64” or the “Bill”)[1] received royal assent on September 22, 2021, introducing new obligations for private sector businesses in Québec phased over the course of three years. […] it is important…
Category: Non-U.S.
UK: Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers
Gareth Corfield reports: An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company which…
“Shoot the Messenger,” Friday edition: Homewood Health resorts to threats and a court order?
In July of this year, CTV News in Canada and DataBreaches.net reported on a breach involving Homewood Health in Canada. Both CTV and this site had become aware of the breach when data allegedly from Homewood showed up on a leak site called Marketo. Marketo claimed to have almost 300 GB of Homewood’s data for…
Recent decisions by the Singapore Data Protection
Two recent decisions by the Singapore PDPC. Breach of the Protection Obligation by ChampionTutor 14 Oct 2021 A financial penalty of $10,000 was imposed on ChampionTutor for failing to put in place reasonable security arrangements to protect personal data in its possession. The incident resulted in the personal data being exposed. The PDPC became aware…
Australia to tackle ransomware data breaches by deleting stolen files
Bill Toulas reports: Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan,” which is a set of new measures the country will adopt in an attempt to tackle the rising threat. […] To further strengthen the ability to conduct investigations and disrupt ransomware attacks, the government is looking to establish new…
Informed of a data leak in July, Brazilian integrator platform continued to expose more than 1.75 billion files
Updated at 11:11 am: DataBreaches.net has been informed the data have been secured. Remember when the Brazilian government complained about Raid Forums for posting so many leaks and data dumps from Brazil? If this one ever shows up on Raid Forums, they will probably go nuts. Safety Detectives reports: The Safety Detectives cybersecurity team, led by Anurag Sen,…