Matthew Renda reports: A federal judge denied approval of a settlement in the Yahoo data breach class action on Monday, saying Yahoo’s refusal to disclose the total amount to be paid out to those affected by the largest data breach in history renders it insufficient. “The proposed notice does not disclose the costs of credit…
Category: U.S.
CO: Critical Care, Pulmonary & Sleep Associates notifies almost 24,000 patients after hack of employee email accounts
Critical Care, Pulmonary & Sleep Associates in Colorado has notified 23,377 patients of a privacy incident. Their on-site notice offers a useful reminder that while bad actors may be seeking to engage in financial theft or fraud, when files with ePHI are connected to employee email accounts, patients and HHS may wind up needing to be…
GA: Mount Zion student pleads not guilty to computer hacking to avoid homework
Tony Reid reports the update to a story previously noted on this site: A Mount Zion High School student is pleading not guilty to three charges of tampering with computers after police said he shut down his school district’s computer network while trying to sabotage a homework assignment. Gage C. Hart, 18, appeared in Macon…
United States: National Futures Association Adopts Notification Requirement For Certain Cybersecurity Incidents
Jeffrey P. Taft and Matthew Bisanz of Mayer Brown write: On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.1 As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services…
‘Worst’ Ransomware Attack Hits Salisbury Police Department in Maryland
NBC Washington reports: A Maryland police department says it experienced its “worst computer network attack” in its history, after the attacker accessed its network through a longtime software vendor. Salisbury police Capt. Rich Kaiser tells The Daily Times of Salisbury that the department’s entire internal computer network was compromised Jan. 9 in a ransomware attack….
Alaska notifying at least 500,000 residents about data security breach previously disclosed in June
Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications. This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event…