Purvi Khemani reports: A Reddit user recently shared a troubling experience on the platform. They claimed they were fired from TCS (Tata Consultancy Services) after reporting a security issue. Using the handle @Personal_Stage4690, they posted on the ‘Developers India’ subreddit, saying, “I reported a security incident in tcs where my manager ware (was) making employees…
Category: Non-U.S.
Regional Cancer Center cyberattack: Ransom demanded, at least 2 million patients’ data stolen (UPDATE 1)
United News of India (UNI) reports on a significant cyberattack on April 30 that has been attributed to Daixin Team (but SEE UPDATE BELOW POST): In one of the highest volumes of cyberattacks in India, details of 20 lakh patients with the Regional Cancer Center (RCC) here were compromised, affecting 11 out of 14 servers…
UK opens investigation of MoD payroll contractor after confirming attack
Connor Jones reports: UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to “malign” forces accessing data on current and a limited number of former armed forces personnel. There is no evidence to suggest that the criminals who broke into the systems actually removed any data,…
Patient appointments imperiled by cyberattack on French radiologist
Alexander Martin reports: Coradix-Magnescan, a French company that provides medical radiological imaging, has warned patients it is currently dealing with a cyberattack that risks “complicating” their appointments. Based in Perpignan in southern France, just north of the Pyrenees mountains and close to the Mediterranean Sea, the company said at this point there is no evidence…
Brazilian Data Protection Authority approves data breach notifying regulation
Cristiane Manzueto, Rodrigo Leal, Ana Letícia Allavato, and Diego Semeraro of Mayer Brown write: Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority (“ANPD”), approved the Data Breach Notifying Regulation (the “Regulation”). The Regulation establishes procedures for data controllers to notify subjects of data breaches, as required by Article 48 of…
UK makes weak default passwords illegal
Three cheers for the U.K. on this one. Kevin Purdy reports: If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password “password.” In fact, you’re not supposed to have default passwords at all. A new version of the 2022 Product Security…