Kathleen Saylors and Galen Simmons report: It may have just been a coincidence. But the revelation by Stratford officials on Sept. 19 that the city paid $75,000 to a hacker to regain access to its computer network following a cyber attack five months earlier was followed by a wave of cyber attacks across Southwestern Ontario. In little…
Marriott notifies associates of breach at unnamed vendor
In a year that has seen a number of reports that suggest how costly a past data breach may be for Marriott in Canada as well as the U.K. and U.S., Marriott is disclosing yet another breach. On October 30, Marriott International notified the California Attorney General’s Office of a breach at an unnamed vendor…
Brooklyn Hospital Center notifies patients after data could be not be recovered after malware attack
Brooklyn Hospital Center has issued a press release about a data incident that may not have resulted in access or exfiltration of patient data (they couldn’t determine that) but did result in their inability to recover certain data related to specific patients. From their notice: In late July 2019, the Hospital became aware of unusual activity…
Washington University School of Medicine notifies patients of HIPAA breach
Washington University School of Medicine in St. Louis issued this notice on Nov. 1: Washington University School of Medicine announced today that it began mailing letters to patients whose information may have been involved in a recent security incident at its Department of Ophthalmology and Visual Sciences. On Sept. 3, 2019, the School of Medicine…
Hackers can steal the contents of Horde webmail inboxes with one click
Zack Whittaker reports: A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. […] Numan Ozdemir disclosed his vulnerabilities to Horde in May. An attacker can scrape and download a victim’s entire inbox by tricking them into clicking a malicious…
Texas Updates Data Breach Notification Requirements
Gregory Bautista and William Douglas Sanders of Wilson Elser Moskowitz Edelman & Dicker LLP write: Effective January 1, 2020, the Texas legislature will impose new notification requirements on businesses that maintain personal information of customers. House Bill 4390 amends the Texas Identity Theft Enforcement and Protection Act by requiring that Texas residents be notified of…