Natasha Lomas reports: Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed by Facebook…
FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security
The FTC has taken enforcement action against CafePress stemming, in part, from a 2019 data breach previously reported on this site. In December 2020, seven states settled charges with CafePress. The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and…
Comprehensive Health Services Pays False Claims Act Settlement Involving EMR Security
Marianne Kolbasuk McGee reports: A healthcare services contractor has agreed to pay a $933,000 settlement in a federal whistleblower case involving alleged false claims by the entity about the security of electronic medical records containing the information of military personnel, diplomats and contractors. The settlement is the first under the Department of Justice’s Civil Cyber-Fraud Initiative,…
State Bar Breach Exposed Thousands More Confidential Records Than Original Estimates, Investigation Shows
Alaina Lancaster reports: More than 60,000 additional confidential attorney discipline records were exposed in a data breach of the State Bar of California’s case management system, according to an ongoing investigation. The bar’s IT incident response team and a third-party forensic firm calculated that more than 322,525 confidential records were available during the leak, compared to…
Report: Recent 10x Increase in Cyberattacks on Ukraine
Brian Krebs reports: As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. Read more at KrebsOnSecurity.com
HHS Cybersecurity Update: Conti Ransomware Update
TLP: White. Report: 202203101700. March 10, 2022. Conti Ransomware (Update). Executive Summary: Conti is a ransomware group that has aggressively targeted healthcare organizations since it was first observed in 2019. Conti ransomware attacks have targeted the healthcare industry, major corporations, and government agencies, particularly those in North America. In typical Conti ransomware attacks, the…