As previously reported, the South Pacific archipelago Vanuatu announced in early November that they had been hit with a ransomware attack that pretty much stranded the islands. Almost one month later, the islands had not recovered. On December 24, RansomHouse threat actors added the government of Vanuatu to their leak site, claiming to have locked…
Cincinnati State data breach possibly exposed Social Security numbers, other information
Quinlan Bentley reports: Cincinnati State Technical Community College says a cybersecurity breach potentially exposed personal information stored on its network. The Clifton-based college detected unauthorized access to the network on Nov. 2 and an investigation was launched in consultation with outside cybersecurity professionals, according to a notice posted to Cincinnati State’s website on Friday. Read more at…
Queensland University of Technology shuts IT systems after being hit by ransomware attack by Royal Team
Lillian Rangiah reports: A cyber attack at Queensland’s second-largest university has caused campus printers to spit out ransomware notes in bulk. The Queensland University of Technology has shut down multiple IT systems as a precaution. QUT Vice-Chancellor Professor Margaret Sheil said her own printer was among those affected this morning. Read more at ABC (AU)
Ca: Doctor’s records improperly disposed
Patient records from a newly closed medical practice were not properly disposed of the privacy commissioner has ruled. Dr. Lalita Malhotra, who retired earlier this year, failed to have all records shredded by a company that deals in secure shredding and some ended up whole in a recycling facility. “Dr. Malhotra states that she accepts…
Bits ‘n Pieces (Trozos y Piezas)
MX: Attack on Financiera Reyes Claimed by LockBit3.0 On December 12, Financiera Reyes was added to the leak site of LockBit3.0. No proof was provided, however. Finding no notice on the financial institution’s social media sites or web site, DataBreaches contacted Financiera Reyes on December 12 to ask them to confirm or deny any incident….
Claimant to Maintain Anonymity in English High Court Cyber Attack Case
Hunton Andrews Kurth writes: On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity. Generally, a claimant’s identity is public in English court proceedings. Injunctions can be made against unknown and unidentifiable defendants enabling them to…