PayPal has sent breach notifications to 34,942 users this week. Their notification reads, in part: On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident,…
New Cybersecurity Directives (NIS2 and CER) Enter into Force in EU
Hunton Andrews Kurth writes: On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity…
Mailchimp says it was hacked — again
Zack Whittaker reports: Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident. The Intuit-owned company said in an unattributed blog post that its security team detected an intruder…
Russia-linked drug marketplace Solaris hacked by its rival
Over in the no-honor-among-thieves department, Daryna Antoniuk reports: Solaris, one of the leading darknet drug marketplaces, has been taken over by its rival, according to research released this week. Users who tried to access Solaris after January 13 were redirected to the recently-launched Russian language drug marketplace known as Kraken, which claimed to have successfully taken over…
Ph: Comelec, Smartmatic cleared of data privacy violations in 2022 polls
Hana Bordey reports: The National Privacy Commission (NPC) has cleared the Commission on Elections and the Smartmatic Group of Companies of alleged violation of the Data Privacy Act (DPA) over the supposed breach of election data during the 2022 national and local polls. This was announced by Comelec spokesperson Rex Laudiangco in a press statement…
MN: Mayo Clinic settles another lawsuit stemming from insider-wrongdoing
Andy Brownell reports: The Mayo Clinic has apparently settled another lawsuit stemming from a data breach by a former Mayo Clinic employee. The lawsuit was filed in November 2020 by Olga Ryabchuk and sought class-action status on behalf of the more than 1600 Mayo Clinic patients who had their medical records improperly accessed. The case was officially…