Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Minnesota Department of Employment and Economic Development: security incident may have resulted in some job seekers’ contact info being compromised
KSTP reports: The Minnesota Department of Employment and Economic Development (DEED) says it’s notified job seekers that a recent security incident may have resulted in some personal information being compromised. A DEED spokesperson says the agency recently received information about suspicious communications from one or more persons claiming to be representatives of an approved company…
Court certifies class action lawsuit against federal government over 2020 Canada Revenue Agency cyberattack
Mitchell Consky reports: The Federal Court of Canada has certified a class action lawsuit against the federal government, which alleges negligence in “safeguarding the confidential information of Canadians, leading to widespread privacy breaches.” The suit follows cyberattacks that targeted Canada Revenue Agency accounts and other government services back in 2020. Read more at CTV News.
Quick note: Two more school districts hit by cyberattacks: Skokie-Morton Grove, Decatur ISD
Brett Callow of Emsisoft notes that LockBit has added Skokie-Morton Grove School District 69 in Illinois to their leak site. No proof of claim was posted and no description of any data allegedly stolen was provided. Elsewhere, The Messenger reports that Decatur ISD in Texas suspects a cybersecurity attack is responsible for the internet and…
Coca-Cola FEMSA victim of ransomware attack and data leak
Coca-Cola FEMSA is the bottler of Coca-Cola and its related soft drink products in much of Latin America, which makes it an important part of the Coca-Cola system. This week, a threat actor known to DataBreaches as “TheSnake” and as the person who had also hacked a Brazilian clinic, leaked some data from Coca-Cola FEMSA…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…