A financial penalty of $14,000 was imposed on Nature Society (Singapore) for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect personal data on its website database. Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to comply…
Ca: City hall privacy breach affects staff
Susan Gamble reports: A privacy breach that may have exposed Brantford municipal staff job application records, vaccination status and personal addresses was announced by the city on Wednesday evening. A news release sent out by the city said the breach was in an internal intranet system, which is only accessible to city staff, and not…
Kronos hackers stole personal info of Metro-North workers, MTA says
David Meyer reports: Ransomware hackers who breached the network of MTA timeclock provider Kronos made off with the personal information of several current and former Metro-North employees, transit leadership said Thursday. “Kronos recently informed us that some files containing personal information of some current and former MTA employees at one of our agencies – Metro-North Railroad –…
Ransomware gang behind attacks on 50 companies arrested in Ukraine
Catalin Cimpanu reports: Ukrainian authorities have detained five members part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas. The arrests, which took place earlier this week, targeted the group’s leader, a 36-year-old Kyiv resident, his wife, and three acquaintances. Officials said the group hacked into…
OH: Memorial Health System notifies 216,478 patients of malware incident last July
In November, Marietta Area Health Care Inc. dba Memorial Health System notified HHS of a breach. The number affected was submitted as 501 — a number that this site often interprets as just a marker to show that the entity knows there was more than 500 patients to notify, but hasn’t yet figured out exactly…
COVID testing appointment scheduling service discovers data breach
Jan. 13, 2022 /PRNewswire/ — On or around November 30, 2021, Practolytics LLC (“Practolytics”) learned that it experienced a data security incident. A client-generated report containing COVID testing appointment information, which would normally be deactivated following initial download, remained active. Upon discovery, Practolytics took immediate steps to deactivate and delete the download link to prevent further…