A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…
Category: U.S.
Premier Kids Care, Inc. notifies patients of attack first discovered in April
Premier Kids Care, Inc. (PKC) of Georgia provides specialized pharmacy and home clinical services for children with diabetes, endocrinological, and perinatal needs. On April 6, 2020, PKC discovered it had been targeted by a cyberattack and that an unauthorized actor had gained access to PKC systems. An investigation into the incident revealed that the unauthorized…
Helena Public Schools notifies some employees after burglar snatched USB with their timesheets
Helena Public Schools recently notified some current and former employees involved in the after-school student program that their data was on a stolen USB drive. According to their notification letter, on September 28, 2020, the district discovered that the Lincoln Elementary School building had been burglarized over the previous weekend. Among several items that were…
DoppelPaymer dumps data from public school districts in Mississippi and Montana
Why ransomware threat actors go after small school districts with few resources still puzzles me. The districts may be “low-hanging fruit” from a security perspective, but they generally do not have the resources to pay big ransom demands. So why target them? My puzzlement notwithstanding, a number of ransomware teams do attack k-12 districts. DoppelPaymer…
GenRx Pharmacy Breach Notice Shows How to Do It Right
This may be one of the best breach notifications I have ever read — for its plain language, clarity, and lack of attempt to spin. Not only did these folks respond promptly to an attack, but they had usable backups, stopped the attack quickly, and just…. handled this so well, it seems. Maybe they didn’t…
Seven states settle with CafePress over 2019 data breach
In August, 2019, this site noted that CafePress had been hacked in February. On October 1, 2019, I shared some of the notification I had received from them via email on September 30 because I found their notification confusing. Yesterday, state attorneys general announced a settlement with CafePress, stemming from the breach. This is the…