A very unusual — and serious response to a threat to government cybersecurity. Thanks to Doug Levin @k12cybermap for pointing us to this press release: July 24 — Today, Gov. John Bel Edwards issued a state-wide Emergency Declaration in response to an ongoing cybersecurity incident that is affecting several local government agencies. The declaration makes…
Category: Of Note
Health IT companies impacted by browser extension data leak: report
Heather Landi reports: Browser extensions, also known as add-ons or plug-ins, are commonly used by desktop Web surfers to do things ranging from blocking ads to remembering passwords to checking grammar. According to an independent security researcher, some extensions have been leaking and exposing browsing activity data, including patient names and health information from healthcare…
Equifax Reaches $1.4 Billion Data Breach Settlement in Consumer Class Action; Also Agrees to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach
R. Robin McDonald reports: Equifax has agreed to pay at least $1.4 billion to settle multidistrict litigation brought on behalf of 147 million consumers, and pay millions more to resolve civil complaints brought by the federal government and multiple state attorneys general over its massive 2017 data breach. Monday’s notice of the proposed settlement, detailed in…
Equifax to Pay Around $700 Million to Resolve Data-Breach Probes
AnnaMaria Andriotis reports: Equifax is nearing a deal to settle a slew of state and federal investigations into a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other sensitive personal information. Under the agreement, the credit-reporting firm would pay around $700 million to settle with the Federal Trade Commission, the…
Hackers breach 62 US colleges by exploiting ERP vulnerability
Catalin Cimpanu reports: Hackers have breached the systems of 62 colleges and universities by exploiting a vulnerability in an enterprise resource planning (ERP) web app, the US Department of Education said in a security alert sent out this week. The vulnerability is in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP that…
UK: Former motor industry worker ordered to pay £25,500 from proceeds of data theft
A motor industry employee who was sentenced to six months in prison in November 2018 for accessing personal data without permission, has been ordered to pay a £25,500 confiscation order in a case brought by the Information Commissioner’s Office (ICO). Following a hearing at Wood Green Crown Court, London on 15 July, the judge determined…