HMG Healthcare has posted a notice of a data breach on its website, but most people are unlikely to notice the substitute notice because of the way it has been presented. If the purpose of a substitute notice under HIPAA is to reach people the covered entity may not have sufficient or current contact information…
SEC’s X account hacked, sharing ‘unauthorized tweet’ regarding spot bitcoin ETF
Jacquelyn Melinek reports: The U.S. Securities and Exchange Commission’s X account has been hacked, a spokesperson confirmed with TechCrunch on Tuesday afternoon. “The SEC’s @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff,” the spokesperson said. A similar statement was shared shortly after on the media…
US retail mortgage lender LoanDepot struggles with cyberattack
Frank Bajak reports: The U.S. retail mortgage lender LoanDepot is struggling to recover from a cyberattack that impacted its loan processing and phone service. In a filing on Monday with the Securities and Exchange Commission, the company said data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified…
Capital Health acknowledges a cyberattack last month but details are lacking
LockBit3.0 claims to have hit CapitalHealth.org in New Jersey. In a listing posted on their site on January 7, the threat actors write, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s…
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset. Pavan Karthick M writes: Executive Summary In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables…
Resources: Breach notification laws: US and GDPR
The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also released their annual Data Security Incident Response Report for 2023. Thanks, as always, to Joe Cadillic for…