Ed Targett reports: Financial technology company EquiLend – the owner of a NGT [Next Generation Trading], a platform that executes $2.4 trillion of securities transactions each month – has confirmed “unauthorized access to our systems” on January 22. The incident has disrupted some of its services, it confirmed. “We took immediate steps to secure our…
University of Twente Maps Decision-Making Process for Ransomware Victims
The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
Feds Charge Alleged ‘TLO’ Underground Data Broker
Joseph Cox reports: This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. Authorities charged a man from Baltimore on Monday with allegedly running a so-called TLO data service, a tool that makes it incredibly easy for hackers and other criminals to dox nearly anyone in America quickly and…
Bucks Co. emergency dispatch system down for days due to cyberattack
Hayden Mitman reports: Law enforcement officials in Bucks County are working to restore services to its computer-aided dispatch system, or CAD system, after a cyberattack on Sunday crippled the service. However, county officials said 9-1-1 services remain operational and first responders are relying on phone and radio communication as the county investigates the incident. In…
COVID Test Data Breach: 1.3 Million Patient Records Exposed Online
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained nearly 1.3 million records, which included COVID-19 testing information and personally identifiable information such as the patient’s name, date of birth, and passport number. Jeremiah Fowler writes: The publicly exposed database contained an estimated 1.3 million records that included 118,441…
Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…