In July, 2020, cloud software firm Blackbaud announced that it had been the victim of a ransomware attack that began in February of 2020 and continued until Blackbaud was able to kick the attackers out of their system in May. In order to try to protect their clients from having personal and sensitive information on…
Category: Subcontractor
USDA Denies Data Breach at Payroll Facility
Mariam Baksh reports: The U.S. Department of Agriculture has found “no evidence” of a data breach at a payroll processing center but is investigating, a spokesperson said in response to news reports to the contrary. Reuters first reported on Tuesday that the department’s National Finance Center, which runs a payroll system serving over 600,000 federal employees…
Goodwin says vendor breach may have exposed client data (updated)
Sara Merken reports: Goodwin Procter experienced an indirect security breach involving a third-party vendor whose services the firm uses for large file transfers, according to an internal memo reviewed by Reuters on Tuesday. Goodwin’s investigation into the matter, which is still ongoing, revealed a “small percentage of our clients may have experienced unauthorized access to…
FR: CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Florida Healthy Kids website breached; vendor blamed for not patching
What’s that feeling when you learn your web hosting vendor for the past 7 years had unpatched vulnerabilities that permitted thousands of individuals’ personal information to be accessed without authorization? Nausea? Disgust? Something else? Florida Healthy Kids Corporation posted a notice on their site about an incident that they attribute to Jelly Bean Communications Design. …
Rady Children’s Hospital sued over Blackbaud breach
Law360 is reporting that Rady Children’s Hospital has been sued over the Blackbaud ransomware breach. The complaint alleges violations of California’s Confidentiality of Medical Information Act . The hospital had reported in October that they were notifying 19,788 about the breach. Access to the Law360 article is restricted to subscribers, but DataBreaches.net’s tracking file on…