The Office of Inadequate Security
The following statement by the Information Commissioner’s Office concerns a devastating 2022 ransomware attack by LockBit3.0 on Advanced Computer Software Group (“Advanced”), an IT vendor for the UK’s National Health Service (NHS). Here is the ICO’s statement about Advanced: We have provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m, following an initial…
Singapore authorities make record recovery thanks to cooperation with Timor Leste through INTERPOL LYON, France: A global stop-payment mechanism developed by INTERPOL has helped Singapore authorities make their largest ever recovery of funds defrauded in a business email compromise scam. On 23 July 2024, a commodity firm based in Singapore filed a police report stating…
Although DataBreaches does not report on all incidents involving U.S. healthcare entities, a log is kept to calculate statistics for the annual Breach Barometer report produced by Protenus, Inc. For the month of July, DataBreaches noted the following six U.S. hospitals disclosed breaches or were claimed as victims by threat actors. Some of these incidents…
Dakota Morrissiey reports: A reported cyberattack disrupted 9-1-1 service at dispatch centers in the Highland Lakes and across Central Texas for over five hours on Sunday, Aug. 4. Emergency calls were rerouted during the incident and full service restored by Sunday evening. Marble Falls, Burnet County, and Llano County dispatch centers were among those impacted…
Cassandre Coyer reports: Jerico Pictures Inc., a background-check company doing business as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach, a proposed class action says. On April 8, a cybercriminal group by the name of USDoD posted a database entitled “National Public Data” on a dark…
Liisa M. Thomas, Tracy Chau, and Kathryn Smith of SheppardMullin write: TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the incidents, threat actors gained access to customer information, including names, addresses, and features…