David Kessler and Susan Ross write: On October 19, 2021, a federal trial court in South Carolina ruled that a group of consumers could proceed with common law negligence and gross negligence claims directly against their organizations’ vendor that had been the victim of a security breach—instead of suing the organizations of which they were…
Category: Subcontractor
Over 400,000 German Students Data Leaked by a Flawed API
Manikanta Immann reports: Scoolio is a german app for students, used mainly for educational updates, record keeping, and networking. After informing the flaw to Scoolio’s developer, a fix was released this week to patch the bug. […] In September, a security researcher named Lilith Wittmann of Zerforchung firm has discovered a flawed API in Scoolio, through which she was able…
Nearly 30K former and current CU Boulder students’ personal information hacked
Alex Rose reports: The University of Colorado Boulder is sending emails to roughly 30,000 former and current students that have been impacted by a data breach, according to a release from the university. Most of the people impacted are no longer CU students or employees, according to the release. The university said the third-party software, provided…
Fullerton Health vendor’s server hacked; personal details of customers sold online
David Sun reports: Personal details of Fullerton Health customers were stolen by hackers and hawked online, after a vendor of the private healthcare group suffered a breach earlier this month. The data was put up for sale on hacking forums from Oct 11, and could be bought for US$600 (S$810) in Bitcoin. However, checks by…
Email breach at vendor to alliance of dental practices impacts numerous practices, more than 170,000 patients
For the second time in the past year, an alliance serving dental practices has been hit with a cyberattack. Last year’s attack impacted patients at Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut. They reported a a ransomware attack on First Impressions Orthodontics impacted their patients. This year, a number…
DOJ Announces New Cyber-Fraud Initiative Promoting False Claims Act Enforcement Against Contractors and Grantees Failing to Follow Cybersecurity Standards
Anthony Mirenda, Stephen Garvey, and Natalie Panariello of Foley Hoag write: As we anticipated last spring, the Department of Justice (DOJ) has signaled that it will utilize civil enforcement of the False Claims Act (FCA) to address new and emerging cybersecurity threats. On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of a new…