Bloomberg reports: Microsoft Corp. customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December. Recently, the malicious emails have evolved to capitalize on the pandemic, according to Microsoft. The attack “targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and re-direct…
Category: Of Note
Soldier accused of leaking troop details to Satanic neo-Nazis pleads not guilty
Tim Darnell reports: Former Army private Ethan Melzer has pleaded not guilty to a six-count indictment stemming from an alleged plot to kill fellow US troops in the name of a satanic neo-Nazi group. Last month, Melzer, 22, of Louisville, Kentucky, was indicted for allegedly planning an attack on his U.S. Army unit by sending sensitive…
Why should the health plan offer credit monitoring in this case? (UPDATED)
I was reading yet another press release about an incident involving protected health information. This one was from Independence Blue Cross in Philadelphia. Let me start by quoting the relevant part and then I’ll meet you on the other side: On May 8, 2020, the Independence Blue Cross Privacy Office was notified that certain member information…
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach
Hunton Andrews Kurth writes: The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. The sanction was imposed following a data breach that took…
Seller floods hacker forum with data stolen from 14 companies
Lawrence Abrams reports: A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data…
Turkey: KVKK fines gaming company TRY 1,100,000 for breach notification violations
OneTrust DataGuidance reports: The Personal Data Protection Authority (‘KVKK’) published, on 23 June 2020, its decision (‘the Decision’) of 16 April 2020, fining a gaming company a total of TRY 1,100,000 (approx. €142,980) for data breach notification violations. In particular, the Decision concerns a data breach suffered by the gaming company in which hackers were…