Shaun Nichols reports: Exclusive A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough. The information silo appears to belong to Florida-based CheckPeople.com, which is a…
CA: Enloe targeted by ransomware attack and elective procedures delayed
I missed this one when it was first published. Ashley Gardner reported on January 3: Enloe Medical Center was targeted by a ransomware attack on Tuesday that caused the hospital to reschedule some elective procedures. According to hospital officials, data stored on the hospital’s network was encrypted, preventing staff from accessing the information. Read more…
Native American Rehabilitation Association of the Northwest reports Emotet attack
On January 3, the Native American Rehabilitation Association of the Northwest, Inc. (NARA NW) in Portland, Oregon announced that it experienced a cybersecurity incident November 4-5, 2019. The attack was described as a malware incident with Emotet malware injected when some employees fell for a phishing attack on November 4. The incident was recognized quickly…
UK: DSG Retail Ltd fined £500,000 for failing to secure information of at least 14 million people
From the Information Commissioner’s Office, this release: The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people. An ICO investigation found that an attacker installed malware on 5,390 tills at DSG’s Currys PC World…
IL: Bartlett Public Library recovered from ransomware attack
From the library’s home page: The Bartlett Public Library District’s computer systems were disabled on Saturday, November 30, 2019 by a ransomware virus. Ransomware encrypts data so that the owner loses access to all of their files and emails. No one’s private information was compromised. The Library does not store sensitive information such as credit…
Avid Technology reports a breach that they discovered in 2018
What should states do when notification is made but took more than one year? Are explanations sufficient to avoid any penalties for late notice? Here’s a case where notice to some individuals was made more than 7 months after discovery of a problem, but others did not get notified for more than one year. Read…