James B. Miller reports: In an extensive report, the Office of the State Auditor recently expressed concerns with the North Dakota Department of Veterans Affairs’ handling of the veteran aid loan, hardship assistance grant, impact grant and highly rural transportation grant programs. […] Most notably, the audit found that the Veteran Aid Loan System was…
Category: Of Note
MA: Deal Struck To Protect Consumers Hurt By Data Breaches
Katie Lannan reports: A compromise bill filed Tuesday by a House-Senate conference committee would afford Massachusetts residents a year and a half of free credit monitoring services if their personal data and Social Security number are compromised by a data security breach. The panel, chaired by Rep. Tackey Chan and Sen. Barbara L’Italien, filed its…
Thousands of Medical Records Left Unsecured–So Who’s Investigating?
A news report from a few days ago is actually a good example of the frustration some experience with OCR investigation of breaches. TL;DR version: a breach was reported by the media in March, 2017. This site also noted it. But now, more than one year later, there have been no consequences for the entity,…
Vietnam’s New Cybersecurity Law and Push for Internet Sovereignty Reduces Freedom
Scott Ikeda reports: On June 12th the Vietnamese National Assembly voted in a new cybersecurity law. The legislation did not come easily having gone through more than 12 drafts and much debate in government and the business sector. The claimed purposes of the legislation are to increase Vietnam’s Internet sovereignty, that is the data of…
Samsam infected thousands of LabCorp systems via brute force RDP
Steve Ragan reports: LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn’t result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production…
UK: Independent Inquiry into Child Sexual Abuse fined £200,000 for revealing identities of possible abuse victims in mass email
From the Information Commissioner’s Office, this press release: The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 by the Information Commissioner’s Office(ICO) after sending a bulk email that identified possible victims of non-recent child sexual abuse. The Inquiry, set up in 2014 to investigate the extent to which institutions failed to protect…