LATEST POST
Schneck Medical Center Settles State’s Lawsuit Over 2021 Data Breach
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
Vendor Management from a U.S. Data Privacy Perspective
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance. This article discusses when an organization should enter into a […]
Vivendi Ticketing US (“See Tickets”) notifying 323,498 consumers of payment card breach
Vivendi Ticketing US d/b/a See Tickets is notifying 323,498 consumers of a data security incident that compromised consumers’ payment card information. In a notification letter being sent this week, the ticket broker states that in May, they became aware of unusual activity on some of their e-commerce sites. Forensic specialists determined that unauthorized individuals had […]
FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the […]
Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector In The U.S. And IT Integrator In Latin America
The Cuba ransomware gang, who are thought to be in Russia, have changed things up a bit and recently attacked U.S. critical infrastructure — something most gangs have avoided after DarkSide attacked Colonial Pipeline in 2021. Read more of this article at BlackBerry.
Spies And Hackers Are Targeting The US Space Industry: Report
In other defense-related news, U.S. intelligence agencies have issued a warning about foreign spies targeting the American space industry as well as cyberattacks against the nation’s satellite infrastructure. Read more of this article by Brett Tingley at Space.com.
Carderbee: APT Group Use Legit Software In Supply Chain Attack Targeting Orgs In Hong Kong
A supply-chain attack that has hit about 100 victims has been linked to a previously unidentified hacking group called “Carderbee. Read more of this article at Threat Intelligence.
Some Insights From IBM’s Cost of a Data Breach Report
Joe Lazzarotti at The Workplace Privacy, Data Management & Security Report calls our attention to some interesting findings in IBM’s annual Cost of a Data Breach Report. Some of these will not surprise you, but some may: Read more details on Workplace Privacy, Data Management & Security Report.