Protenus has released its Q3 report on breaches involving health data. As explained in their methodology, since its inception in 2016, Protenus reports have not confined themselves to just using data from HHS’s public breach tool (“The Wall of Shame”). Instead, the Protenus reports, using data compiled by DataBreaches.net, include data from incidents also involving…
Category: Of Note
Sim Swapping Crypto Hacking Group Busted in Turkey
From TrustNodes: Turkish police has arrested 11 individuals on suspicion of hacking cryptocurrencies through Sim Swapping. The individuals in question allegedly tricked phone providers into transferring the victim’s phone number to them. Apparently fake IDs were prepared for this operation, according to local crypto media, with the thieves pretending the victim’s phone was stolen. They…
No need for Russia to hack the House of Representatives if the House keeps leaving its doors open.
In early August, “Flash Gordon” (@s7nsins on Twitter) contacted me to say that he discovered a leak involving the House of Representatives. In light of all the talk about Russia trying to hack our elections, I decided that we probably should notify the House right away in case there was any kind of sensitive files…
Another State Data Security Law: Ohio Gets in on the Action
Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
NJ Settles Charges Against Business Associate Responsible for Virtua Medical Patient Data Breach: Vendor Owner Pays $200,000 and is Barred From Owning or Managing Any Business in NJ Again
One question that occasionally pops up is how often businesses go out of business after or due to a data breach. My answer to that is “not often,” but we do it occasionally. In some cases, the breach may just have been a final straw for an already shaky business. Yesterday, during a webinar with…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…