rthk reports: The Office of the Privacy Commissioner for Personal Data said on Thursday that it has issued an enforcement notice to the Hong Kong Institute of Bankers, following a data leak that affected more than 13,000 members and about 100,000 non-members. Speaking at a press conference, the watchdog said people’s personal information was leaked…
Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered
Richard Vanderford reports on another attempt by insurers to avoid having to cover costs involved in a cyberattack by applying the common war exclusion: The costly NotPetya cyberattack, which the U.S. blamed on Russia, should be considered a “cyber nuclear attack,” insurers argued as they urged judges to overturn a legal win by Merck & Co. in…
NYS Comptroller DiNapoli releases another concerning school district IT audit
Montauk Union Free School District – Information Technology (2022M-137) Issued Date: January 27, 2023 Audit Objective Determine whether Montauk Union Free School District (District) officials secured access to the network and financial application and developed an information technology (IT) contingency plan. Background The District is located in the Town of East Hampton in Suffolk County…
AmerisourceBergen MWI Animal Health hit by Lorenz; Company investigating
The Lorenz ransomware group has added AmerisourceBergen/MWI Animal Health to their leak site with what teasingly appears to be a lot of data, except there is no key to unlock the leaked files. Those who want the key will have to contact Lorenz and buy the key. Lorenz did provide a file list as a…
Hidalgo County Adult Probation Office hit by ransomware attack
Valerie Gonzalez reports: The Hidalgo County Adult Probation Office is recovering from a ransomware attack over the weekend. The incident happened Saturday but was resolved Monday, Hidalgo County Judge Richard F. Cortez confirmed. Read more at MyRGV.com, although there’s not much more to note other than the intriguing statement that they did not have to…
MA: DotHouse Health discloses data breach but has yet to send letters to patients
On or about December 10, AlphV (aka BlackCat) added DotHouse Health.org to their leak site, where they attempt to pressure victims into paying any ransom demands. In this case, the threat actors did not post any proof pack, but they claimed to have infiltrated 800 GB of data from the Massachusetts HIPAA-covered healthcare provider. On…