I’ve always resisted any urge to write a “worst breaches of the year” piece at the beginning of December because I just know that if I do, there’s going to be something that would be on my “worst” list if only I had waited a few weeks. The Conti ransomware attack on Leon Medical Centers…
Category: U.S.
Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details
WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals,…
OR: Treasure Valley Community College notifies community members of breach after late discovery
Treasure Valley Community College (“TVCC”) has become aware of a data security incident that may have involved the personal information of certain TVCC community members. TVCC is offering complimentary credit monitoring services to them. On August 25, 2020 , TVCC learned that unauthorized access to an employee email account had by an unknown person may have exposed personal…
FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule
Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…
Riverside Community Care notifies clients of October ransomware attack
On November 9, DataBreaches.net posted a commentary calling for patients to be notified sooner when their data had been stolen and dumped by ransomware threat actors. In the companion article to that post, Without Undue Delay, specific victims were listed with comments as to whether they had notified patients or not. One of those victims who…
Camera Giant Canon Targeted in Proposed Data Breach Class Action
Jake Holland reports: Camera and lens manufacturer Canon U.S.A. Inc. was hit with a proposed class action after a ransomware attack exposed current and former employees’ personal information. The plaintiffs—residents of Ohio, New York, Florida, and Illinois—allege that the company acted negligently and violated several state trade practices laws by failing to guard against the threat, according…