Grace Ferguson reports: When the personal information of students and employees at Fairfax County Public Schools showed up on the dark web in October 2020, the Virginia school district had been in a standoff with hackers for nearly a month. Even with help from the FBI, Virginia State Police, and a hired cybersecurity firm, the district…
The ‘Groove’ Ransomware Gang Appears to Have Been a Hoax — But Was Any of It Real?
Brian Krebs writes: A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. You can read more…
South Carolina School District reports security incident
Sarah Coble reports: A school district in South Carolina is investigating a “cyber-incident” that it says impacted hundreds of staff computers. On October 4, some of the networks of Colleton County School District stopped operating. The unusual activity was detected by the district’s information technology staff, who determined that a cybersecurity incident had occurred. Read more on InfoSecurity. From…
Possible cyberattack hits ‘brain’ of N.L. health-care system, delaying thousands of appointments Social Sharing
CBC News reports: A cyberattack appears to be behind a provincewide disruption of health-care services in Newfoundland and Labrador that has affected thousands of appointments and procedures, including those involving COVID-19 testing. “We may have been victims of a possible cyberattack by a third party,” said Health Minister John Haggie at a news conference Monday morning….
Las Vegas Cancer Center hit by ransomware over Labor Day weekend; 3,000 patients notified
KTNV reports that the Las Vegas Cancer Center was the victim of a ransomware attack over the Labor Day Weekend. The attack was discovered on September 7, when the center re-opened. The attackers reportedly accessed encrypted data. Patient data is in proprietary format and the center believes it would not be usable to the threat actors….
If you need to notify abuse survivors of a data breach, is it acceptable to take more than one year to notify them?
Urban Resource Institute in New York City provides shelter and services to victims of domestic abuse, homeless people, and individuals with developmental disabilities. On May 20, 2020, they were the victim of an attack on employees’ email accounts. Unusual network activity was first noticed on July 23, 2020, but it wasn’t until October, 2020 that…