Sergiu Gatlan reports: The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines. EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union,…
Excellus to pay $5 million to settle charges stemming from breach that impacted 9.3 million
Excellus Health Plan, Inc. has agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach…
Joker’s Stash, the Largest Carding Marketplace, Shuts Down
Gemini Advisory reports that Joker’s Stash, the largest dark web marketplace in the underground payment card economy, has announced that it is shutting down. That’s big news. Go read about it on GeminiAdvisory.io.
Ronald McDonald House notifying almost 18,000 guests of Blackbaud breach
Those of us who frequently check state attorneys general sites are well aware that there are still many consumers and patients who are first being notified of the Blackbaud ransomware incident last year. Ronald McDonald House is well known in the U.S. for offering housing accommodations to families who have children being treated for serious illnesses. …
Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses
Zack Whittaker reports: A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app. Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one…
Polish DPA fines Virgin Mobile Polska €460,000: Incidental safeguards review is not regular testing of technical measures
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million (EUR 460,000) on Virgin Mobile Polska for failing to implement appropriate technical and organisational measures to ensure the security of the processed data. UODO stated that the company infringed the principles of data confidentiality and accountability specified in…