22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…
Category: Of Note
US regulators order banks to report cyberattacks within 36 hours
Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…
Number of cyber-attacks infiltrating critical New Zealand networks soars
Adam Bannister reports: New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations. More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November…
Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats
GAO-22-105024 Published: Oct 13, 2021. Publicly Released: Nov 12, 2021. Highlights from the government report: What GAO Found Federal guidance, such as the National Infrastructure Protection Plan (National Plan), specify the roles and responsibilities of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Department of Education’s Office of Safe and Secure…
When I emailed Overlake OB/GYN in July about a ransomware attack in 2020, I didn’t anticipate what would happen next.
In December, 2019, Overlake Medical Center & Clinics discovered that some employees had fallen for a phishing scheme. On February 7, 2020, they reported the incident to HHS as impacting 109,234 patients. As HHS subsequently summarized things: After the breach, the [Covered Entity] implemented additional administrative and technical safeguards and retrained its staff on the…
VA: Hundreds of parents, students, staff at risk of identity theft as personal records found tossed on floor at Old Pulaski Middle School
Kelsey Jean-Baptiste reports: Concerns about confidential records being found thrown on the ground of the Old Pulaski Middle School have many worried. Hundreds of students, teachers, and staff are now at risk of having their private information stolen. Pulaski School superintendent, Dr. Kevin Siers says the documents date back to the 1970s. In pictures given…