Phil Pennington reports: The New Zealand Transport Agency (NZTA) has admitted to a technology botch up leaving what was meant to be a highly secure data key wide open. “The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up,” NZTA said in statement. Read…
Money for Nothing: Ransomware Plagues Local Governments
Dennis Fisher writes: The string of ransomware attacks against state and local government agencies that began to ramp up a couple years ago is continuing unabated, and the attackers in some incidents are becoming quite aggressive with their ransom demands. […] Data collected by security firm Barracuda on ransomware attacks shows that there were 55…
Oklahoma pension fund reports $4.2 million cyber theft
AP reports: The FBI is investigating after computer hackers managed to steal about $4.2 million in funds from a pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers, state officials said Friday. A notice posted on the Oklahoma Law Enforcement Retirement System website said the agency notified the FBI and…
Face Recognition App Leaks Photos Of Suspects From Madurai Police Database
Kritti Bhalla reports: In a major privacy breach, Tamil Nadu police’s Madurai unit’s database of thousands of ‘suspected criminals’ was made public without its knowledge. The database included names and photographs of the people under the scanner. The leaked data also included OTP codes, administrator password and details of the police officers using the app….
Unalaska recovers $2.3M after phishing email scam
Hope McKenney reports: More than $2.3 million dollars has been returned to the City of Unalaska, after a nearly two-month federal investigation into a fraudulent financial request. Between May 15 and July 9, the city paid out $2,985,406.10 to a fraudulent bank account as a result of a phishing email scam. The sender of the…
Alive Hospice’s breach notification required a second breach notification
It occasionally happens that a breach or incident response creates a second incident of its own. That seems to be the case with Alive Hospice, as this newest press release suggests, but does this require second notification to HHS/OCR? My first impression is that it would, but I’m interested to hear what HIPAA lawyers might…