The New Yorker decided to make fun of security incident notices in a piece by Jay Katsir. From the notice’s “What Happened?” section: In or around November or February, 2018/24, we detected suspicious activity within our system. It was not like in the movies, where a big red “ALERT” message flashes onscreen, but there was…
Ca: New online breach reporting forms for federal institutions and businesses
From the Office of the Privacy Commissioner of Canada, May 24: The Office of the Privacy Commissioner of Canada (OPC) has launched a new online breach reporting form for federal institutions subject to the Privacy Act as well as updated its online breach reporting form for businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). The new online form for…
More than 540,000 patients notified so far about Cencora/Lash Group data breach (9)
– Only partial numbers so far – Only partial list of clients so far – No group has as yet claimed responsibility for the hack and data exfiltration As the week draws to a close, clients of Cencora and The Lash Group have been submitting breach notifications to state attorneys general. DataBreaches reported in February…
American Clinical Solutions: Over 400,000 Medical Records in the Hands of RansomHub
Marco A. De Felice aka @amvinfe reports: The RansomHub group made headlines last February when, following a cyberattack on Change Healthcare, they disrupted operations for several weeks. Change Healthcare is the largest U.S. provider of revenue and payment cycle management, connecting payers, providers, and patients within the American healthcare system. A week ago, a RansomHub affiliate successfully…
Sg: Software firm fined $74k for data breach caused by weak password; half a million users affected
Ang Qing reports from Singapore: A company running online language lessons for children around the world used a password based on its website name, LingoAce, making it vulnerable to the data breach that resulted. More than half a million users were affected. Among personal data compromised were the cellphone numbers, bank account numbers, signatures and…
Almost all citizens of city of Eindhoven have their personal data exposed
Graham Cluley reports: A data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. As Eindhovens Dagblad reports, two files containing the personal data of 221,511 inhabitants of Eindhoven were accessible to unauthorised parties for a period of time last year. Everyone who lives in the Netherlands…