Cooper Sullivan reports: On the morning of April 14, the University Counseling Center sent out a feedback survey to 860 email addresses — some students, faculty, staff and 68 accounts unaffiliated with the university — in which the recipient list was unencrypted and visible to all who had access to the email. About 10 minutes…
ToxicEye: Trojan abuses Telegram platform to steal your data
Charlie Osborne reports: Operators of a new Remote Access Trojan (RAT) are exploiting the Telegram service to maintain control of their malware. Dubbed ToxicEye, the RAT abuses Telegram as part of command-and-control (C2) infrastructure in order to conduct rampant data theft. On Thursday, Omer Hofman from Check Point Research said in a blog post that the new…
Illinois Attorney General’s Office hit by ransomware? State investigating.
Threat actors known as DoppelPaymer claim to have attacked the Illinois Attorney General’s Office. And on April 13, the AG’s office acknowledged that they were investigating a network compromise: April 13 — Attorney General Kwame Raoul today announced the Office of the Attorney General’s network has been compromised. Attorney General Raoul released the following statement:…
CA: Cyberattack targets Santa Clara Valley Transportation Authority
Nico Savidge reports: A cyberattack targeting the Santa Clara Valley Transportation Authority last weekend has forced a days-long shutdown of many of the agency’s computer systems. VTA officials say they believe they have contained the attack, but key systems remained offline Thursday. The authority is still trying to determine whether any personal information of customers…
Ca: Canac hardware stores victims of a cyberattack
David Remillard reports (translation): The Quebec hardware store Canac was recently the target of a cyber attack, causing computer failures for nearly two weeks. For the moment, nothing suggests that sensitive data has been stolen. The cyberattack took place on April 9, confirms Patrick Delisle, the company’s marketing director. The firm seems to be cautiously optimistic…
Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
The following is a DataBreaches.net commentary. Beacon Health Solutions issued a press release yesterday about a breach they experienced last year as a business associate. Their press release provides a useful example of why OCR needs to get serious about enforcing the requirement that entities notify patients within 60 days of “discovery.” “Discovery” does not…