Long-time readers know that this blogger has encountered some interesting situations over the years in response to trying to engage in responsible disclosure of leaks or incidents. As just a few examples (apart from all the lawsuit threats for exposing leaks or incidents), this blogger was: — threatened with being infected with HIV by angry…
Category: Of Note
Afghanistan: Investigation launched into interpreter data breach
Today’s reminder that even the leak of an email address can put someone’s life at risk. Phil Kemp, Lucy Manning, and Ed Campbell report: Defence Secretary Ben Wallace has ordered an investigation into a data breach involving the email addresses of dozens of Afghan interpreters who worked for British forces. More than 250 people seeking…
BlackMatter Hits Grain Cooperative With Ransomware Attack
William Turton reports: Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name…
ALTDOS claims to have hacked one of Malaysia’s biggest conglomerates
Threat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very little media attention as they acquire and dump millions of consumer records and proprietary information on businesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand, but they do have…
FTC’s Health Breach Notification Rule — Wait, did you say “FTC’s???”
What does it say when a HIPAA lawyer with years of experience says he didn’t know the FTC has a health breach notification rule? Seen on Jeff Drummond’s blog: “The U.S. Federal Trade Commission issued a policy statement this week confirming that connected devices and health apps that use or collect consumers’ health information must notify users…
U.S. to Target Crypto Ransomware Payments With Sanctions
Well, this is not exactly what I suggested yesterday on Twitter as a strategy (I suggested that every ransomware group that hits the medical sector should be declared a terrorist organization and put on the Treasury’s sanctioned list), but it could help. Ian Talley and Dustin Volz report: The Biden administration is preparing an array…