Rick Moriarity reports: A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs. Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s…
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach
Hunton Andrews Kurth writes: The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. The sanction was imposed following a data breach that took…
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
Catalin Cimpanu reports: A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a…
Hakbit ransomware campaign targeting specific European countries
Derek Kortepeter reports: Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.” The attacks, described as low-volume, are specifically targeting employees of organizations located in…
Grays Harbor County Hospital Settlement
Grays Harbor Community Hospital in Washington suffered a ransomware attack in 2019. Despite their best efforts, not all data was recoverable. And not surprisingly in our litigious society, a lawsuit was filed against it. According to a proposed settlement announced this week, the lawsuit claims that Grays Harbor was responsible for the Data Incident and…
Hackers obtain Covid-19 patient database in protest at treatment of Indian health workers
Joe Wallen reports: Hackers claim they have accessed the personal data of 80,000 Covid-19 patients in New Delhi stored on a local government website, in protest at the treatment of beleaguered healthcare workers. The Kerala Cyber Hackers group says it broke into the Delhi Government’s Delhi State Health Mission website in less than 10 minutes on Saturday night. Read…