Jess Ma reports: Hong Kong’s privacy watchdog has served a warning letter to the Urban Renewal Authority (URA) over its failure to prevent a leak of the personal details of 199 tenants and owners stored on a cloud platform. The Office of the Privacy Commissioner for Personal Data issued an investigation report on Thursday and…
Hackers Claim To Have Compromised Data Broker Used By U.S. Government To Dodge Warrants
Over on TechDirt, Karl Bode writes: Gravy Analytics, the parent company of Venntel, is like many dodgy data brokers. The company gleans vast troves of sensitive U.S. behavior and location cellphone data, then generally sells access to that data to a long line of folks. Including the U.S. government, which has increasingly turned to buying…
HHS Office for Civil Rights Settles 9th Ransomware Investigation with Virtual Private Network Solutions
HHS OCR announced another settlement that is their ninth ransomware investigation and their third settlement as part of their Risk Analysis Initiative. This one stems from a breach by VPN Solutions that was previously reported on this site: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a…
HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information
Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…
Symbol Will Indicate When Connected Devices Are Cyber Secure
Andrew Martin reports: Consumers may soon be able to buy electronic products with a label indicating they are “cyber secure,” according to US officials. The White House on Tuesday announced the launch of a new US Cyber Trust Mark, indicating designated items follow best practices to avoid possible hacks. Products with the cyber mark are…
PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts (2)
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…