Simon Sharwood reports: Personal information describing names, addresses, bank account details, and taxation IDs of 38,000 Australian government employees has been leaked to the dark web after a ransomware attack. The treasurer of the Australian State of South Australia, Rob Lucas, today revealed the source of the leak: outsourced payroll provider Frontier Software. Read more at The…
Category: Subcontractor
Vendors and HIPAA
Matt Fisher of Carium writes: An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the…
Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident
22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…
Data of 5.9m customers of RedDoorz hotel booking site leaked in Singapore’s largest data breach
Kenny Chee reports: The personal data of nearly 5.9 million Singaporean and South-east Asian customers of hotel booking site RedDoorz was found to have been leaked, in what the Government has called Singapore’s largest data breach. The Personal Data Protection Commission (PDPC) has fined local firm Commeasure, which operates the website, $74,000. This is much…
N.L. patient, employee data stolen in health-care cyberattack
Alex Kennedy reports: Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador’s health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province’s Meditech data repository, which includes a patient information database as well as…
UK: Labour Party discloses cyber attack, members’ data stolen
John Leonard reports: The Labour Party has suffered a ‘cyber incident’ with personal details of members stolen from an unnamed third-party company that handles its membership data. In a statement the party says it was informed of the incident on October 29th and that “a significant quantity of Party data” had been rendered inaccessible. Labour does not give…