Zack Whittaker reports: Security researchers say that they have found evidence that for the first time Russia-backed hackers are now using a more sophisticated type of malware to target government entities. ESET presented its case Thursday that the hacker group, known as Fancy Bear (or APT28), is using rootkit malware to target its victims. That…
Category: Of Note
Uber settles with all 50 states and the District of Columbia over massive 2016 data breach. The price tag? $148 million.
Uber Technologies Inc. will be paying a steep fare for its 2016 data breach. Here’s the press release from the NYS Attorney General’s Office about the record penalty it will pay. All states and the District of Columbia are party to the settlement. Settlement with 50 States & DC Also Requires Uber to Adopt Model Data…
United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet
Micah Lee reports: The United Nations accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have…
SingHealth data breach reveals several ‘inadequate’ security measures
Eileen Yu reports: Investigation into Singapore’s most severe cybersecurity breach has uncovered several poor security practices, including the use of weak administrative passwords and unpatched workstations. The findings were revealed on the first day of hearings led by the Committee of Inquiry (COI), a team set up to probe a July 2018 security breach that…
Unauthorized Disclosure of Patients’ Protected Health Information During “Boston Med” Filming Results in Multiple HIPAA Settlements Totaling $999,000
Today was not a good day for hospitals in Massachusetts. First, we saw the state’s attorney general announce a settlement between the state and UMass Memorial Healthcare and UMass Memorial Medical Centers involving insider breaches for fraudulent purposes. And now we see this announcement from the federal regulator, OCR: Today, the Department of Health and…
Credit reference agency Equifax fined for security breach
From the Information Commissioner’s Office: The Information Commissioner’s Office (ICO) issued Equifax Ltd with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017. The incident, which happened between 13 May and 30 July 2017 in the US, affected 146 million customers globally….