Brian Bliss reports that Johannesburg-Lewiston Area Schools (JLAS) in Michigan fell victim to a ransomware attack. The type of ransomware was not reported, nor the amount of the ransom (which the district and their insurer paid). Read more about the incident on Gaylord Herald Times.
FTC Calls For Data Breach Law To ‘Clarify’ Its Authority
Ben Kochman reports: The Federal Trade Commission has called on Congress to “clarify” its authority to regulate data breaches, while responding to the White House’s request for advice on how the administration should handle consumer privacy. In comments posted last week to the U.S. Department of Commerce’s National Telecommunications and Information Administration, the FTC said…
Boxes of private, personal records left exposed in government office for weeks
CBC News reports: Fifty boxes of records containing “sensitive personal information” spent nearly three weeks sitting in a central area of the Grand Falls-Windsor Department of Transportation and Works depot this spring, according to Donovan Molloy, the province’s privacy commissioner. “It’s one of the most serious inadvertent breaches that I’ve seen in my term as…
True Identity of Notorious Hacker tessa88 Revealed – Recorded Future
From Insikt Group: New findings strongly suggest that the individual behind tessa88 may be Maksim Donakov of Penza, Russia, who operated under multiple different monikers on the dark web. It is possible that a second unknown individual was assisting Donakov in maintaining the tessa88 account, adhering to impeccable OPSEC procedures and until this day remaining…
NYSED Security Over Critical Information Systems (Follow-Up Audit by NYS Comptroller)
From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially: Issued: November 13, 2018. Link to full audit report 2018-F-17. Purpose: To determine the extent of implementation of the two recommendations included…
The GDPR: When do schools need to report data breaches?
Luke Irwin reports: …. A major concern is the GDPR’s requirement that organisations report certain types of data breach to their supervisory authority within 72 hours of becoming aware of the incident. It’s one of the toughest rules to meet, but this blog provides you with all the details you need. Read more on IT Governance…