On February 4, we learned that the government was seeking a 5-year sentence for Canadian hacker Gary Bowser, in addition to restitution, and three years supervised release following prison. Today, Bowser was sentenced to three years in prison. Kate Gray reports: Bowser’s group built and sold devices that were used to hack consoles, which can…
One year after it started, LendUs discloses that they had a breach
As you read the following press release, note that they do not tell us when they first discovered that there might have been a security breach or incident. Nor do they tell us how they first discovered it. And what’s with this “out of an abundance of caution” claim? If you can’t figure out what…
FL: Ransomware group claims to have stolen data on 260,000 patients from Jax Spine and Pain Centers; victim remains silent (UPDATED)
Update of February 24, 2022: Jacksonville Spine Center, P.A. (JAX Spine and Pain Centers) reported a hacking incident to HHS on February 10 — the same date that this site first reported on claims by Avos Locker to have acquired data on 260,000 patients. JAX never responded to this site’s inquiries, but seems to have…
CISA Alert (AA22-040A): 2021 Trends Show Increased Globalized Threat of Ransomware
Summary In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S….
Donation site for Ottawa truckers’ ‘Freedom Convoy’ protest exposed donors’ data
Zack Whittaker reports: The donation site used by truckers in Ottawa who are currently protesting against national vaccine mandates has fixed a security lapse that exposed passports and driver licenses of donors. […] TechCrunch was tipped off to the data lapse after a person working in the security space found an exposed Amazon-hosted S3 bucket…
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…