Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Category: Of Note
In today’s installment of “How Not to Respond to a Breach,” we give you Paterson Public Schools
From the for-the-love-of-a-free-press-would-someone-PLEASE-teach-these-people-about-the-first-amendment? dept. Earlier this week, this site noted reporting by Paterson Times about an alleged breach involving the Paterson Public Schools in New Jersey. We also picked up a follow-up report that covered some… um…unexpected claims by the District as to how many threat actors might be involved and whether it was a…
GozNym malware: cybercriminal network dismantled in international operation
A press release from Europol today: An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network. The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions. A criminal Indictment returned by a…
Medical Insurance Fraud: Doctors’ identity info for sale on dark web marketplace
There have been numerous estimates over the years about how much a patient’s information sells for on dark web marketplaces. But what about a doctor’s information? If you had the necessary documentation on a physician who could bill electronically for their services, how much could you make by sending fraudulent bills to Medicare or insurers?…
What Colorado learned from treating a cyberattack like a disaster
Benjamin Freed reports: The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018. While the incident was costly — nearly 2,000 computers, servers and network devices were encrypted, while the state spent about $1.5…
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…