Kathleen Magramo reports: Hong Kong’s electoral office has apologised after an employee failed to follow guidelines and sent the personal details of about 15,000 voters to a random email address. The Registration and Electoral Office (REO) on Friday said the staff member intended to send files containing electors’ particulars to her personal email address on…
FBI: Ransomware hit 649 critical infrastructure orgs in 2021
Sergiu Gatlan reports: The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report. However, the actual number is likely higher given that the FBI only started tracking…
Update on Griggsville-Perry School District ransomware incident
In January, the Griggsville-Perry School District in Illinois announced it had been hit with a ransomware attack. Now, two months later, Vice Society threat actors have added the district to their leak site and dumped files that they had exfiltrated. Inspection of the more than 3,000 files in the data dump revealed that most of…
Hotel WiFi across MENA compromised and exposing private data
Kareem Chehayeb reports: Pakistani cybersecurity researcher Etizaz Mohsin was in a hotel room in Qatar when he unexpectedly discovered a technical vulnerability in its internet system that exposed the private information of hundreds of hotels and millions of guests worldwide. […] “I found out that there is a service running rsync [file synchronization tool], which…
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…
Morgan Stanley client accounts breached in social engineering attacks
Sergiu Gatlan reports: Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a…