Annie Burky reports: Amazon-owned PillPack reported a cybersecurity attack affecting the accounts of nearly 20,000 customers. An unauthorized person used customer emails and passwords to log into PillPack customer accounts, over 3,000 of which contained prescription information. Social Security numbers and payment information were not involved in the attack, according to the online pharmacy. Read…
The Underground History of Russia’s Most Ingenious Hacker Group
Andy Greenberg writes: Ask western cybersecurity intelligence analysts who their “favorite” group of foreign state-sponsored hackers is—the adversary they can’t help but grudgingly admire and obsessively study—and most won’t name any of the multitudes of hacking groups working on behalf of China or North Korea. Not China’s APT41, with its brazen sprees of supply chain attacks, nor…
Pennsylvania Breach of Personal Information Notification Act (BPINA)
John F. Lushis, Jr. of Norris McLaughlin P.A. writes: In December 2005, Pennsylvania enacted the Breach of Personal Information Notification Act (the “2005 BPINA”). Known as the 2005 BPINA Act, its purpose is to provide “for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed…
San Diego Unified students’ medical data compromised in October cybersecurity breach, school district says
Lauryn Schroeder reports: An October data breach of San Diego Unified School District’s network involved students’ medical information, the district told families in a letter sent this month. Dennis Monahan, executive director of risk services for the district, said an investigation into the breach has revealed that the names and medical information of students were…
Rackspace gets San Antonio federal judge to toss proposed class-action suit over ransomware attack
Patrick Danner reports: Rackspace Technology Inc. won’t have to face proposed class-action litigation in San Antonio over a December ransomware attack that hobbled the cloud computing company. U.S. District Judge Xavier Rodriguez on Thursday sided with Rackspace in dismissing litigation that had been brought by 37 plaintiffs from across the U.S. who lost access to email and related data as a result…
Health Breach Notification Rule: FTC wants your insights into proposed changes
From the FTC: The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the…