YLE News reports: The perpetrator of a major hacking of the City of Helsinki’s education division’s database could have accessed the personal information of all compulsory school aged children in the capital, as well as their parents or guardians, the city has revealed in a press release. City authorities announced last week that the data breach affected about…
Category: Non-U.S.
UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments
Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)),…
British Library’s candid ransomware comms driven by ’emotional intelligence’
Connor Jones reports: Emotional intelligence was at the heart of the British Library’s widely hailed response to its October ransomware attack, according to CEO Roly Keating. The British Library’s (BL) ransomware attack last year was one of the most damaging in recent memory, at least in the UK. The transparency of the organization’s response over…
Au: Electronic prescription provider MediSecure victim of ‘large-scale’ data breach, ‘personal and health information’ at risk
Daniel Jeffrey reports: Electronic prescription provider MediSecure has fallen victim to a “large scale” data breach, potentially putting Australians’ private medical information at risk and sparking a national approach from the federal government. The company released a statement on its website – which is now otherwise inactive – this afternoon confirming the breach involved “personal and…
Singapore Cybersecurity Update Puts Cloud Providers on Notice
Robert Lemos writes: Lawmakers in Singapore updated the nation’s cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government. The Cyber Security Act amendment takes…
Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive brokers
Seen at GPDP: Telemarketing: the Privacy Guarantor sanctions Enel Energia The company had not protected its databases from access by abusive touts The Privacy Guarantor has imposed a fine of over 79 million euros on Enel Energia for serious shortcomings in the processing of personal data of numerous users in the electricity and gas sector, carried out…