As those trying to monitor and analyze the massive MOVEit breach are already aware, the Teachers Insurance and Annuity Association of America (“TIAA”) provided university faculty retirement benefits to a number of colleges and universities. The TIAA part of the breach was not a direct attack on the vendor’s systems. TIAA was notified by its vendor,…
Buckingham County Public Schools notifies 86 students after a business email account was compromised
Buckingham County Public Schools in Virginia has sent notifications to parents of 86 students after a compromise of a district’s business email account. The incident occurred on June 20. Information in the email account included the student’s name “coupled with a limited amount of health or medical diagnostic and treatment information, and/or address. Examples typical…
Attorneys on alert for cybersecurity threats: New York’s new CLE training requirement
John Bandler reports: July 1st was a cybersecurity milestone for every New York attorney who now needs to complete an hour of cybersecurity training before renewing their law license. New York Courts in their role supervising and licensing attorneys recognize the importance of cybersecurity, and the threat of cybercrime. Cybercrime menaces every person and organization…
‘It feels like a digital hurricane’: Coastal Mississippi county recovering from ransomware attack
Jonathan Greig reports: A coastal Mississippi county is in the process of recovering from a wide-ranging ransomware attack that took down nearly all of the government’s in-office computers. Nestled right along the border with Alabama, George County is the quiet home to more than 25,000 people. But the local government was thrown into chaos this…
VirusTotal: We’re sorry someone fat-fingered and exposed 5,600 users
Jessica Lyons Hardcastle reports: VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees. The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded…
1st Circuit confirms standing for data breach victims
Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class…