Jessica Lyons Hardcastle reports: Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission. The SEC proposed the changes last March, and on Wednesday the financial watchdog voted…
Category: U.S.
Deloitte denies Cl0p data breach claims in wake of MOVEit attack
Ross Kelly reports: Deloitte has refuted claims that the Cl0p ransomware gang has breached its systems and stolen company data amid speculation online. The accountancy firm was cited as a victim on Cl0p’s breach disclosure blog, sparking concerns that clients at the consultancy could be at risk. In its disclosure, Cl0p claimed “the company doesn’t…
Rush Health Must Face Suit Over Health-Info Sharing With Google
Christopher Brown reports: Rush System for Health must defend a proposed class action alleging it shared health information of patients using its patient portal with Google Inc. and other third parties, in breach of its contract with patients and in violation of the Illinois Eavesdropping Act. Marguerite Kurowski successfully stated a claim for breach of contract regarding…
In SEC Battle, Covington Ordered to Disclose Names of 7 Clients
Abigail Adcox reports: U.S. District Judge Amit Mehta of the District of Columbia has ruled that Covington & Burling must disclose to the U.S. Securities and Exchange Commission the names of seven clients whose information may have been exposed in a 2020 cyberattack that impacted the firm. “Covington shall produce to the Commission the names…
Law Firm Hack Affects Victims of an Earlier Breach Again
Marianne Kolbasuk McGee reports: A global law firm is notifying nearly 153,000 individuals of a hacking incident that compromised several client files. The files contained sensitive personal information, and the incident affects vision care patients who had been victims of a breach three years ago. Orrick, Herrington & Sutcliffe on July 20 reported the data breach to…
Pointed to a phishing campaign targeting the healthcare sector, Microsoft leaps into action to … not even investigate?!
The relaxing Sunday I was looking forward to did not quite work out as planned. Dutch researcher and all-around good-guy Jelle Ursem (aka @SchizoDuckie) got in touch with me about what appeared to him to be a sketchy site allegedly by a well-known prescription management entity. After a few minutes of checking, there was no…