Felipe Demartini reports (translation): A serious security breach exposed the information of, it is believed, all customers of the iugu services company, which operates in Brazil through financial management and automation systems. Users’ personal, banking and transaction data was available on an unprotected server for at least an hour. The discovery is by security expert…
Ca: Durham Region hit by cyberattack
Durham Radio News reports: Durham Region has been hit by a recent cyberattack and experts are working to figure out what information may have been compromised. That’s according to a statement from the region, which can be read below. They say the vulnerability has since been addressed and the regional systems have been secured. There’s…
SG: Possible data breach involving 62,000 e-mails sent to Certis
Kenny Chee reports: About 62,000 e-mails from the public, businesses and customers of local security firm Certis, some containing NRIC and credit card numbers, may have been accessed by cyber criminals, the company said on Friday (April 9). This includes customers of Certis’ safe deposit box service. The e-mails all came from a customer service…
Maine Enacts NAIC-Inspired Cybersecurity Law
Heather McArn, Bryant Roby Jr. and Judith Selby of Hinshaw write: Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons…
In Memoriam, Kurt Wimmer
One of the most important contributors to this blog will be laid to rest this morning, and I am absolutely gutted. For more than one decade, Kurt Wimmer was this blog and this blogger’s First Amendment defender and counsel. It was only with Kurt’s pro bono help and that of Jason Criss, and their colleagues…
Cyber Breach Disclosures Still Take More Than a Month
Vincent Ryan reports: After being discovered, cybersecurity breaches are not consistently disclosed promptly, found an Audit Analytics study of public companies released on Friday. On average, publicly held companies took 53 days to disclose a breach incident after discovering it. The 53-day average disclosure timeframe is less than the 10-year average of 67 days, but…