Hunton Andrews Kurth writes: On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations, prohibits government entities from paying a ransom to…
Search Results for: ransomware
Court Rejects Demand for “Corrective” Notice in Blackbaud Data Breach MDL
Brianna Soltys and Kristin L. Bryan of Squire Patton Boggs write that the the Judicial Panel on Multidistrict Litigation, which had consolidated all federal lawsuits against Blackbaud in the District of South Carolina, has rejected plaintiffs’ motion to require Blackbaud to issue a corrective notice. As a brief reminder: Blackbaud provides third-party services for entities…
Current, former Lakota Local Schools students possibly impacted by third-party data breach
Jared Goffinet reports on a third-party breach affecting some Ohio schools: A ransomware attack of a third-party data company may impact some current and former Lakota Local Schools students. Battelle for Kids was the recent victim of a data breach, according to the district. Battelle for Kids is a company that houses student’s state testing…
ARcare reports breach; Smile Brands updates its disclosure to 2.6 million affected
Two reports that I have been reading today: ARcare ARcare in Arkansas is notifying people whose personal and/or medical information may have been accessed or acquired in a malware incident. The malware enabled an unauthorized actor to access or acquire data between January 18, 2022 and February 24, 2022. The types of information involved included…
Silent no more: Exposing a campaign that intimidated researchers and journalists
On April 20, DataBreaches.net reported that a threat actor contacted this site to say that a researcher, @ido_cohen2, had been scared off the internet after the threat actor’s colleague(s) used a fake Emergency Data Request (EDR) to obtain the researcher’s account information from Twitter. DataBreaches could see that @ido_cohen2’s Twitter account had been deleted and…
Illinois Gastroenterology Group is providing notification of breach first discovered last October
From their notification: Illinois Gastroenterology Group, PLLC (“IGG”) is providing notice of a recent incident that may affect the security of certain individuals’ information. On October 22, 2021, IGG discovered unusual activity within its computer network. IGG immediately launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the…