E Hacking News reports: Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services […] The CDEC claims that there was no data leak from the company. As…
UK: Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents
Alicia Hope: A leading UK software company exposed personal information belonging to over 190 law firms through an unsecured online database. TurgenSec security firm discovered the breach but could not immediately identify the owner of the online database and therefore contacted the National Cyber Security Centre (NCSC). Following the Responsible Disclosure Policy, the firm contacted…
DSIR Deeper Dive: The Ransomware Epidemic
David Kitchen and Anthony P. Valach of BakerHostetler compare their firm’s 2019 report to the 2020 data. Considering that this law firm represents a number of clients who have been attacked with ransomware, their experiences are instructive, and their article also provides some action items for entities. Read more on Data Privacy Monitor.
AU: My Health Record system hit by hack attempt
Justin Hendry reports: The My Health Record system was the subject of an attempted hack over the past 11 months, the Australian Digital Health Agency has revealed. National health chief information officer Ronan O’Connor told a parliamentary inquiry into cyber resilience the cyber incident was one of two “potential data breaches” to occur since July…
Third Circuit Offers Blueprint for Defeating Data Breach Class Actions
Jeffrey N. Rosenthal and David J. Oberly discuss how the Third Circuit offers defense attorneys a way to possibly get some data breach lawsuits dismissed. They write, in part: Taken together, Reilly and Horizon operate to create a diving line between circumstances where standing might exist in the Third Circuit. Under Horizon, standing can often be established where plaintiffs are…
PsyGenics notifies patients after discovering employee emailed patient info to her personal email account
Michigan-based PsyGenics, Inc. provides holistic mental health services to individuals diagnosed with intellectual and developmental disabilities. On March 25, during a routine security review, they discovered that an employee had emailed files to her personal email account on March 24 — and the spreadsheet contained patients protected health information: name, diagnosis code, appointment time, and…