Mark Rasch raises an important issue — the risks of reporting a breach that you may not need to report. Using the Blackbaud incident as his starting point, he writes: In May, cloud provider Blackbaud was the victim of a ransomware attack designed to lock it out of accessing its own data and servers. The…
Category: Of Note
4 Hackers Arrested in Poland in Nation-Wide Action Against Cybercrime
Today, the Polish authorities are announcing the arrest of 4 suspected hackers as part of a coordinated strike against cybercrime. Those arrested are believed to be among the most active cybercriminals in the country. This operation was carried out by the Polish Police Centre Bureau of Investigation (Centralne Biuro Śledecze Policji) under the supervision of…
Interim Report on Blackbaud Breach: 5.6 million patients and counting…
Since our first interim report, DataBreaches.net has continued to compile reports that mention patient information that was disclosed to Blackbaud and that may have been accessed or exfiltrated by ransomware threat actors in the data breach discovered in May. Despite the criminals pinky-swearing that they wouldn’t misuse the data and would destroy it all in…
HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
A second big settlement from HHS this week (you can find the first one here). HHS’s press release concerning a case that was previously reported on this site in 2014 follows. The incident also resulted in a class action lawsuit that was settled in 2019. CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the…
US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP
Robbie Harb reports: Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take “immediate and emergency action” to patch CVE-2020-1472, the CVSS-perfect-ten-rated…
Top Australian tenancy blacklist firm under investigation by information commissioner
Ben Butler reports: The federal information commissioner is investigating a potential data breach at one of Australia’s biggest tenancy blacklists, run by Sydney company Trading Reference Australia (TRA). TRA has moved to stymie the investigation, obtaining a federal court injunction that quashes an order from the commissioner that it hand over information about the breach….