by Craig Silverman, ProPublica This story was originally published by ProPublica. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox. Series: Zero Trust: Inside Microsoft’s Cybersecurity Failures Investigating how the world’s largest software provider handles the security of its own ubiquitous…
Category: Of Note
New Pennsylvania law will offer added protections for victims of data breaches and new reporting requirements
NCPA reports: Harrisburg, Pa. — A new state law will help protect consumers impacted by data breaches. Act 33 of 2024 requires an impacted organization to provide a free credit report and one year of credit monitoring to affected consumers. It also strengthens notification requirements and mandates notification of the Pennsylvania Office of Attorney General if a data…
Insider Threat: Fake Therapist Fooled Hundreds Online Until She Died, State Records Say
In April 2023, Brightside Health, Inc. reported a breach to HHS that affected 767 patients. The incident was coded as “unauthorized access/disclosure” of information located in “EMR, other.” HHS’s closing statement on the public breach tool described the incident this way: The covered entity (CE), Brightside Health, reported that an unauthorized individual accessed the protected…
Bulgarian hacker “Emil Külev” arrested and detained (1)
A 21-year-old Bulgarian who allegedly called himself “Emil Külev” online has been arrested by Sofia police. An announcement from the Prosecutor’s Office of the Republic of Bulgaria stated that they had charged and detained Teodor Iliev for up to 72 hours in connection with a number of computer crimes. Between March 2020 and January 2024,…
FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe
Maydeen Merino reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order to block the agency’s probe. Following a cyberattack that disclosed the personal information MGM guests in September, the FTC issued a civil investigative demand (CID) in…
If the insider threat is at your vendor, could you discover it quickly?
Here’s today’s reminder of the insider threat. We start with a notice from Geisinger about a security incident involving Nuance Communications: Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that some personal information may have been accessed by a former Nuance employee. On Nov. 29, 2023,…