John Cassell, Imran Ahmad,and Miranda Sharpe of Norton Rose Fulbright write: On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during the ten year period since reporting was mandated in Alberta under…
Category: Of Note
Au: WA Health sorry over monkeypox data breach
Michael Ramsey reports: Western Australia’s health department has apologised for accidentally leaking the personal details of passengers aboard a flight carrying a person infected with monkeypox. A woman who travelled on the flight from Doha last week said she received the document in an email from WA Health. It contained the personal information of 47…
NYDFS Proposed Amendments to Its Cybersecurity Rules
Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…
Update: Hackers issue ‘ransom demands’ to NHS IT supplier: Fears MILLIONS of confidential patient records could be leaked after major cyber attack
Joe Davies reports an update to the ransomware attack on Advanced that impacted the NHS 111 system: Hackers are holding an IT firm that supplies NHS trusts to ransom following a cyber attack last week, according to sources. Health bosses are concerned criminals have access to confidential health records and could leak them if their demands aren’t…
Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
Linda Smith, Rajat Wason, and Syed Zaidi of Sophos write: In May 2022, an automotive supplier was hit with three separate ransomware attacks. All three threat actors abused the same misconfiguration – a firewall rule exposing Remote Desktop Protocol (RDP) on a management server – but used different ransomware strains and tactics. The first ransomware…
Former Twitter Employee Found Guilty of Acting as an Agent of a Foreign Government and Unlawfully Sharing Twitter User Information
A federal jury yesterday convicted a former Media Partnerships Manager for the Middle East/North Africa (MENA) region at Twitter of acting as a foreign agent without notice to the Attorney General, conspiracy, wire fraud, international money laundering, and falsification of records in a federal investigation. The verdict follows a two-week trial before the Honorable Senior…