CUNA reports: NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or has received a notification from…
ShopBack fined S$74,400 for data breach of over a million users
Zhao Yifan reports a follow-up to an incident previously noted on this site. Ecommerce Enablers, which operates the online shopping service platform ShopBack, was fined S$74,400 for its failure to safeguard users’ personal data. The data breach incident happened on Sep 9, 2020 when a malicious threat actor accessed Ecommerce Enablers’ storage server with a…
NYC Finance Department Sent Every Employee Their Colleagues’ Personal Info
Yoav Gonen reports: The city Department of Finance inadvertently emailed a roster of all of its staff — containing home addresses, cell numbers and personal email addresses — to the agency’s roughly 1,800 employees in a botched test of its emergency notification system, THE CITY has learned. The snafu was accompanied by automated calls to…
TN: Cleveland City Schools face ransomware attack
Courtney Goins reports: Cleveland City Schools faced a ransomware attack this week, but it only affected a small number of devices. The school system said they became aware of the issue on Tuesday, August 15. An issue they say is affecting many other school districts as well. […] Sensitive information is secure offsite, and officials…
Ransomware Diaries: Volume 3 – LockBit’s Secrets
Add this to your must-read list for the week (after you finish the Georgia indictment, of course, although to be honest, the ransomware diaries entry is more fascinating). Jon DiMaggio of Analyst1 writes: In this volume of the Ransomware Diaries, I will share interesting, previously unknown details of the LockBit ransomware operation that LockBit has…
Hospital Mergers Double the Risk of a Data Breach, Study Shows
Joseph J. Lazzarotti of JacksonLewis writes: The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite to many reasons for this, including…