Catalin Cimpanu reports: CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. CyrusOne is currently working with law enforcement and forensics firms to investigate the attack and is also helping customers restore lost data from backups. Read more on ZDNet.
Category: Of Note
Merck cyberattack’s $1.3 billion question: Was it an act of war?
Riley Griffin of Bloomberg reports: By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were…
Facebook must face data breach class action on security, but not damages: judge
Jonathan Stempel reports: A federal judge said up to 29 million Facebook Inc (FB.O) users whose personal information was stolen in a September 2018 data breach cannot sue as a group for damages, but can seek better security at the social media company after a series of privacy lapses. Read more on Reuters.
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …
District Court (NY) Says It’s Powerless to Approve Class Settlement Arising Out of Data Breach Due to Lack of Art. III Cognizable Injury
Scott J. Hyman of Severson & Werson PC writes: In Steven v. Carlos Lopez & Assocs., No. 18-CV-6500 (JMF), 2019 U.S. Dist. LEXIS 203621 (S.D.N.Y. Nov. 22, 2019), Judge Furman declined to approve settlement of a data breach class due to the absence of Art. III standing. From the opinion: In June 2018, an employee…
Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
Lawrence Abrams reports: After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a…