How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…
Category: Of Note
Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program
In April 2023, DataBreaches reported two ransomware groups had each listed Albany ENT & Allergy Services (AENT) on their respective leak sites. But one month later, when AENT sent notifications to regulators and 224,486 affected employees and patients, its notification letter made no mention of any ransomware attack, any encryption of files, any ransom demands,…
U.S. Joins International Action Against RedLine and META Infostealers; unseals charges against Maxim Rudometov (1)
AUSTIN, Texas – The Department of Justice joined the Netherlands, Belgium, Eurojust and other partners in announcing an international disruption effort against the current version of RedLine Infostealer, one of the most prevalent infostealers in the world that has targeted millions of victim computers, and the closely-related META Infostealer. The Justice Department, FBI, Naval Criminal…
Operation Magnus disrupts Redline and Meta infostealers
From Operation Magnus: On the 28th of October 2024 the Dutch National Police, working in close cooperation with the FBI and other partners of the international law enforcement task force Operation Magnus, disrupted operation of the Redline and Meta infostealers. Involved parties will be notified, and legal actions are underway. Watch their update and stay tuned!…
Personal Data Protection Commission of Singapore issues three undertakings stemming from ransomware attacks
On October 23, the Personal Data Protection Commission of Singapore issued three undertakings with the follow statement: The new Undertakings reveals breaches stemming from various ransomware attacks due to the insufficient security IT measures implemented, affecting the personal data of over 690,000 individuals. In response, the affected organisations are to implement remediation plans to rectify the…
SEC Charges Four Companies With Misleading Cyber Disclosures
Washington D.C., Oct. 22, 2024 — The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also charged Unisys with disclosure controls and procedures violations….