Eisya A. Eloksari reports: A recent data breach case involving fintech aggregator platform Cermati.com, the fifth known this year, again highlights the vulnerability of user data on digital platforms and the urgency of a personal data protection bill, experts have said. Data on almost 3 million users from fintech aggregator platform Cermati.com was leaked and sold online…
Cork hospital fined €65k after patients’ personal data found in public recycling facility
Cianan Brennan reports: The Data Protection Commission (DPC) has handed down a €65,000 fine to Cork University Maternity Hospital (CUMH) after the personal data of 78 of its patients was discovered disposed of in a public recycling facility elsewhere in the county. The complaint was first raised with the DPC in June 2019 after a…
Don ‘t pay ransom on the promise your data will be deleted, because it won’t be — Coveware
In Coveware’s Q3 2020 report, there’s a section on criminals not keeping their word about deleting data if you’ll just pay them their extortion demands (imagine criminals not keeping their word — oh, the shock): PAYING A RANSOM MAY NOT STOP RANSOMWARE GROUPS FROM LEAKING THE EXFILTRATED DATA Coveware feels that we have reached a…
Ca: Kingston Health Sciences Centre investigating possible cyber-security incident
Chris Vilela reports: Kingston Health Sciences Centre (KHSC) has confirmed that it is currently facing an online access interruption, which a source at the hospital says is related to a possible cyber-security breach. KHSC did not immediately disclose the exact nature of the incident. “We can confirm that KHSC’s internet access and external-facing systems are…
Configuration snafu exposes passwords for two million marijuana growers
Catalin Cimpanu reports: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Read more on ZDNet. h/t, @Chum1ng0
Another k-12 district reports a data breach
This time, it’s Columbus City Schools in Ohio, who report that on May 1, they learned that an employee’s email account had been compromised. Their subsequent investigation resulted in them notifying an undisclosed number of people that their name and social security number had been in the employee’s email account. You can read the October…