From the Irish DPC this week: The Irish Data Protection Commission (DPC) today had the decision to impose an administrative fine on Tusla Child and Family Agency confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €75,000 was made pursuant to Section 143 of the Data…
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Thomas Claburn reports: Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database….
STJ would have been a victim of ransomware; Ministry of Health suffers attack
It seems like every week, I am being shown evidence of huge — and I do mean HUGE — data leaks out of two countries: India and Brazil. I do not report on most of them. But I am not surprised to read a news report that Brazilian government agencies have been hit with ransomware….
Police open case into leak of 500 soldiers’ personal data
Unian reports: Ukrainian Ombudsperson’s Office says law enforcers have initiated criminal proceedings over the publication on the Internet of personal data of 500 soldiers who had taken part in the Joint Forces Operation in the Donbas warzone. “As a result of the response on the part of the Ukrainian Verkhovna Rada Commissioner for Human Rights, publication…
Alamance Skin Center reports ransomware attack
Andy Warfield reports: A Cone Health medical practice has been hit by a ransomware cyber attack. The Greensboro-based health system announced this week that on Oct. 21, Alamance Skin Center in Burlington was the victim of a phishing scam or brute force attack used to gain access to the system. Read more on BizJournals.
Update: Newcastle students’ data including home addresses leaked on dark web after cyber attack
Theresa Merkel reports: A range of documents including Newcastle University students’ data has been leaked onto the dark web following the cyberattack that disrupted the university’s IT systems in September. The files were leaked by cybercrime group Doppelpaymer on October 12th and include a full list of students, their specific departments, courses and student numbers. Read more…