Jim Nash reports: A U.S. consumer finance regulator has published a circular warning that insufficient security for consumer biometric and other personal data is illegal under federal law. Multi-factor authentication is singled out as a method of making data security sufficient. Anyone reading that who still thinks it will never happen to them is invited…
Au: WA Health sorry over monkeypox data breach
Michael Ramsey reports: Western Australia’s health department has apologised for accidentally leaking the personal details of passengers aboard a flight carrying a person infected with monkeypox. A woman who travelled on the flight from Doha last week said she received the document in an email from WA Health. It contained the personal information of 47…
Court Authorizes Service of John Doe Summons Seeking the Identities of U.S. Taxpayers Who Have Used SFOX Cryptocurrency Dealer
On Aug. 15, 2022, a federal court in the Central District of California entered an order authorizing the IRS to serve a John Doe summons on SFOX, a cryptocurrency prime dealer headquartered in Los Angeles, California, seeking information about U.S. taxpayers who conducted at least the equivalent of $20,000 in transactions in cryptocurrency between 2016…
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Atlantic Dialysis Management Services notifies patients of data security incident
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022, Atlantic…
Chile: Empresa Nacional Del Petroleo spared from financial losses in BEC attack by alert bank
ENAP (Empresa Nacional Del Petroleo), is a Chilean state-owned company engaged in the exploitation, production, refining, and marketing of oil and its derivatives. It reports administratively to the Ministry of Energy. As Nicolas Parra Tapia and Felipe Diaz Montero recently reported, well-known Nigerian cybercriminals had targeted ENAP in a wire transfer scheme. It was only…