Sara Merken reports: Goodwin Procter experienced an indirect security breach involving a third-party vendor whose services the firm uses for large file transfers, according to an internal memo reviewed by Reuters on Tuesday. Goodwin’s investigation into the matter, which is still ongoing, revealed a “small percentage of our clients may have experienced unauthorized access to…
Category: Subcontractor
FR: CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Florida Healthy Kids website breached; vendor blamed for not patching
What’s that feeling when you learn your web hosting vendor for the past 7 years had unpatched vulnerabilities that permitted thousands of individuals’ personal information to be accessed without authorization? Nausea? Disgust? Something else? Florida Healthy Kids Corporation posted a notice on their site about an incident that they attribute to Jelly Bean Communications Design. …
Rady Children’s Hospital sued over Blackbaud breach
Law360 is reporting that Rady Children’s Hospital has been sued over the Blackbaud ransomware breach. The complaint alleges violations of California’s Confidentiality of Medical Information Act . The hospital had reported in October that they were notifying 19,788 about the breach. Access to the Law360 article is restricted to subscribers, but DataBreaches.net’s tracking file on…
Wisconsin Medicaid information accessed by unauthorized individual
Devin Willems reports: Gainwell Technologies announced that someone may have gained unauthorized access to some participants’ information in Wisconsin’s Medicaid program. According to a release, an unauthorized individual gained access to an account starting on Oct. 29, 2020, that may have exposed the names, member identification numbers and billing codes for services received of some…
Ronald McDonald House notifying almost 18,000 guests of Blackbaud breach
Those of us who frequently check state attorneys general sites are well aware that there are still many consumers and patients who are first being notified of the Blackbaud ransomware incident last year. Ronald McDonald House is well-known in the U.S., for offering housing accommodations to families who have children being treated for serious illnesses. …