There is an update to one of the most controversial data breaches of 2021. Mark Francis of Holland & Knight, who are external counsel for Astoria Company LLC, notified the Maine Attorney General’s Office that Astoria is notifying 940,000 consumers about a breach that occurred in January, 2021. The breach became controversial, in part, because…
Three months after ransomware attack and two months after data was dumped, UHC has yet to notify patients in writing
On September 25, DataBreaches.net reported on a ransomware attack suffered by United Health Centers of San Joaquin Valley (UHC). BleepingComputer had also reported on the incident the day before. Neither this site nor BleepingComputer had been able to get a statement from UHC at the time, but it was clear from the data dumped by…
PNB denies cybersecurity firm’s claim that 180 million customers’ data was breached, but CyberX9 calls their denial “false and misleading”
Regina Mihindukulasuriya reports: The Punjab National Bank (PNB) has denied media reports that over 180 million customers’ data has been breached or exposed, adding that the bank is certified with ISO 27001 standards for information security practices. PNB responded to media reports published Sunday, based on the findings by Chandigarh-based cybersecurity firm CyberX9, with a statement the…
Lawmakers push for federal data privacy law after report revealed Amazon is gutting state legislation
Andrew Wyrich reports: Several lawmakers are calling for Congress to pass federal data privacy legislation in the wake of Amazon reportedly killing or undermining bills in 25 states over the past several years. Last week, Reuters reported that confidential documents showed that the retail giant pushed to kill privacy bills in several states by increasing political donations, or lobbying to…
GoDaddy security breach exposed WordPress data of 1.2 Mn users
Reuters reports: Web hosting company GoDaddy Inc said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorised third-party access. The company said the incident was discovered on November 17 and the third-party accessed the system using a compromised password. Read more on Financial…
Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident
22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…