KWCH reports that Kansas Heart Hospital became a victim of a ransomware attack Wednesday night. The hospital’s president, Dr. Greg Duick, says the hackers never got access to patient information, but the attack did cause problems. And here’s an example of why paying ransom may not be a good idea. The hospital agreed to pay the small ransom…
UBS wins $1.1M from Wells Fargo in insider data theft case
William Sprouse reports the outcome of an arbitrated insider data breach case where a departing employee allegedly took client data with him to his new employer. I don’t think this case was ever covered on this site before, but Law360 had reported the lawsuit back in 2012. Sprouse reports: A FINRA arbitration panel ruled a…
Eric Donys Simeu extradited from France; Phished GDS companies’ customers for login creds (Updated)
ATLANTA – Eric Donys Simeu, a/k/a Martell Collins, a citizen of Cameroon, has been arraigned on federal charges of conspiracy, wire fraud, computer fraud and access device fraud. Simeu was indicted by a federal grand jury in Atlanta on September 23, 2014. According to U.S. Attorney Horn, the charges, and other information presented in court:…
Standing should not stop data breach suit, civil liberties group says
Worth re-visiting in light of the Supreme Court’s ruling in Spokeo v. Robins: Consumers whose personal information was accessed in a cyberattack should not have to show someone stole their identities or ruined their credit to have standing to sue the hacked company, according to a friend-of-the-court brief filed in a federal appeals court. Washington-based Electronic…
Fur Affinity goes read-only while it strengthens security after recent attacks
First Fur Affinity posted this in their forums: It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity’s source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a…
UK: Tesco call centre worker fined over customer data breach
So what do you think the penalty/fine should be for an employee wilfully emailing themselves customer data that they had no business copying and taking? Jail time? A monetary penalty? Community service? Keep in mind that the defendant had to return from Lithuania to be sentenced. Sounds serious, right? BBC reports that Thomas Wengierow, 47, who…