Alison Frankel reports: A small Baltimore law firm has filed 15,107 demands for arbitration at the American Arbitration Association on behalf of consumers who allege they were affected by a 2018 data breach at the education technology company Chegg. The arbitration demands follow an April 27 ruling from U.S. District Judge Richard Bennett of Baltimore that customers must arbitrate their claims…
Latest Nova Scotia privacy breach reveals names, medical conditions, sexual abuse details
Yvonne Colbert reports: The Nova Scotia government is saying very little about another privacy breach, this one involving an unknown number of Workers’ Compensation Board appeal decisions that include the names of workers and some intimate personal information about them. The government removed the documents after being informed by CBC that the decisions were unredacted and…
Magellan Health notifies employees whose personal data were exfiltrated in a ransomware attack
Magellan Health is notifying an undisclosed number of employees who information may have been exfiltrated in a ransomware attack. The attack began with a phishing attack on April 6 that impersonated a Magellan client. On April 11, Magellan discovered the breach, and called in Mandiant to investigate. Their investigation revealed that the attackers had exfiltrated…
Maze Team under the spotlight
Maze has seemingly done such a good job getting media attention that we’re also seeing more analyses of their methods. This week, check out this report from FireEye: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents and this report from Sophos: Maze ransomware: extorting victims for 1 year and counting In…
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom….
Aeries Student Information System discloses breach (with updates)
Aeries Software recently announced a data breach. I didn’t see it, but a reader kindly stuck it under my cybernose today so that I could share it with you. The software firm’s notice of April 27 applies to hosted customers of their Aeries Student Information System. From their notice: What Happened? In late November 2019,…