Melissa Tutesigensi reports: A private email containing sensitive information about a student was sent to all Theology undergraduates this morning. The discussion about a student’s mental health and attendance was accidentally forwarded to several hundred students. The student was explicitly named in the email and specific details about their university life were highlighted. In the…
United States: National Futures Association Adopts Notification Requirement For Certain Cybersecurity Incidents
Jeffrey P. Taft and Matthew Bisanz of Mayer Brown write: On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.1 As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services…
Ca: REPORT: Significant privacy breach at Belleville General Hospital
David Foot reports: According to newspaper reports, there’s been a privacy breach at Belleville General Hospital, in what Quinte Health Care officials are calling an isolated incident. The Belleville Intelligencer report says a nurse was fired over the incident for accessing “hundreds of patient records” and that, while QHC staff are trying to nail down…
‘Worst’ Ransomware Attack Hits Salisbury Police Department in Maryland
NBC Washington reports: A Maryland police department says it experienced its “worst computer network attack” in its history, after the attacker accessed its network through a longtime software vendor. Salisbury police Capt. Rich Kaiser tells The Daily Times of Salisbury that the department’s entire internal computer network was compromised Jan. 9 in a ransomware attack….
Millions of bank loan and mortgage documents have leaked online (UPDATED)
Update: One day later, the story of the OpticsML breach got much worse when Bob Diachenko found a second exposure involving the vendor. Read about it here. Original post: Zack Whittaker reports on a leak discovered by Bob Diachenko of Security Discovery: A trove of more than 24 million financial and banking documents, representing tens…
DHS: Emergency Directive 19-01
From the Department of Homeland Security: January 22, 2019 Mitigate DNS Infrastructure Tampering This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 19-01, “Mitigate DNS Infrastructure Tampering”. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information…