Laura Vozzella reports: A “sophisticated cyberattack” struck the offices of Virginia Attorney General Jason S. Miyares on Wednesday, forcing the agency to shut down computer systems and resort to paper court filings as Virginia State Police and the FBI investigate. “Unfortunately our agency has been the victim of what appears to be a sophisticated cyberattack,”…
Category: U.S.
School board approves letter to AG for PowerSchool data breach
Caleb M. Soptelean, The Sanford Herald, N.C. reports: The Lee County Schools Board of Education has requested that the North Carolina Attorney General pursue legal action against PowerSchool over a nationwide data breach that occurred late last year. The school board voted unanimously to send a letter to the AG, which was requested by board…
Humboldt Independent Practice Association’s breach notification leaves questions unanswered
On November 11, 2024, Humboldt Independent Practice Association (Humboldt IPA) submitted a breach report to HHS that used a placeholder of 500 for the number of patients affected. All we knew from HHS’s entry was that it was some kind of hacking or IT incident involving protected health information located in email. The California entity’s…
Attorney General James Releases Statement on DOGE Access to Sensitive Personal Information
When DataBreaches said, “Send in the lawyers” to sue Musk, she was thinking of personal injury lawyers who handle data breach litigation. But 14 state attorneys general may be even better. From NYS Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today led a coalition of 14 attorneys general in…
DISA Incident: Update on Review of ‘Potentially Affected Files’ and Notification Plan
BakerHostetler writes: On Thursday, Jan. 23, DISA Global Solutions, Inc. (DISA) provided an update to customers regarding its April 2024 cyber incident, including the results of its data review and notification plans. According to DISA, its investigation determined an unauthorized third party accessed its environment between Feb. 9, 2024, and April 22, 2024, and “procured…
Almost one year later, NorthBay Health notifies 569,012 people of breach of sensitive information
While some states are decreasing the amount of time entities have to notify the state or individuals of a breach, the reality is that many entities are nowhere near complying with even more lenient deadlines. HIPAA, for example, allows entities no more than 60 calendar days from discovery of a breach (the first day they…