Scott Ferguson reports: In January, hackers compromised portions of the New York state government’s computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software, according to the Wall Street Journal. While the New York State Office of Information Technology Services discovered the hacking incident on Jan. 28, officials did not disclose the breach…
RagnarLocker ransomware hits EDP energy giant, asks for €10M
Sergiu Gatlan reports: Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind…
You’re One Misconfiguration Away from a Cloud-Based Data Breach
Suresh Kasinathan writes: Not all instances of data exposure in the cloud are the product of malicious intentions from either internal or external actors. In its “2019 Data Breach Investigations Report” (DBIR), for instance, Verizon Enterprise showed that errors constituted one of the top causes in the data breaches it examined. Verizon’s researchers attributed 21%…
Equifax settles Indiana case over massive data breach for $19.5 million
Nate Raymond reports: Equifax Inc will pay Indiana $19.5 million to resolve claims it failed to protect residents whose personal information was exposed in a data breach that affected 147 million people, the state’s attorney general said on Monday. Read more on Reuters.
Another Court Significantly Limits the Scope of Criminal CFAA–Sandvig v. Barr
Eric Goldman writes: The plaintiffs want to create fake job profiles to research algorithmic discrimination. Fearing that their research activities would expose them to criminal CFAA prosecution, they challenged the CFAA as violating their First Amendment rights. Venkat blogged a preliminary ruling in the case 2 years ago. Now, the court dismisses the researchers’ suit as moot…
Canadian passengers from virus-stricken Zaandam cruise ship hit by federal gov’t privacy breach
Sophia Harris reports: After enduring a cruise with a COVID-19 outbreak and four deaths, the 247 Canadian passengers who were aboard the Holland America Line ship, the MS Zaandam, face a new problem: a privacy breach by the federal government. […] In a detailed email Global Affairs Canada sent Canadian passengers during the Easter holiday…