James Delaney reports: An Edinburgh mental health clinic is at the centre of a probe into a data breach resulting in hundreds of client contact details being accessed as part of a phishing scam. Bosses at The Edinburgh Practice, which offers a range of psychological and psychiatric counselling, were accused of failing to properly notify patients of the…
UK: NHS vaccination website leaks people’s medical data
Joel Khalili reports: A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process. Read more on…
Here’s the breakdown of cybersecurity stats only law firms usually see
Joe Uchill has a good interview with Craig Hoffman of BakerHostetler about their recent report that includes their extensive incident response experiences handling ransomware incidents. BakerHostetler has always been one of my most trusted resources on breach responses, as they are quite blunt about their advice — even when it may be what government or…
NSW readies its own data breach notification scheme for state agencies
Asha Barbaschow reports: The New South Wales government is preparing a new Bill that will require public sector and state-owned entities to report a data breach to the Privacy Commissioner as well as any affected individuals. The Privacy and Personal Information Protection Amendment Bill 2021 aims to strengthen privacy protection in NSW and extends the federal breach…
Ca: Brreach possibly affects 100s of Yukon gov’t workers: Department of Finance.
Julien Gignac reports: Roughly 400 Yukon government employees may have been affected by a recent privacy breach, according to a spokesperson at the Department of Finance. […] According to a government-issued notice obtained by CBC, a problem occurred during the processing of T4 and T4A slips that may have caused information such as Social Insurance…
Ro: Cluj County Council’s website was hacked by hackers. They are asking for $100 in bitcoins
Digi24 reports that the Cluj County Council was hacked and the threat actors demand $100 USD in BTC if the council doesn’t want the files dumped. The following is a translation of the defacement: All files have been encrypted and a backup copy of the site has been saved. If you do not want the…