Collaborate Disseminate
On 17 February 2022, the second-round of trilogue negotiations commenced between the EU’s institutions on the so-called ‘NIS2’ Directive, which intends to reform the EU’s current cybersecurity rules. Dan Whitehead of Hogan Lovells writes: NIS2 is inten… Continue reading NIS 2.0—the EU looks to bolster its cybersecurity laws
Monongalia Health System in West Virginia issued a press release this week about a data breach that impacted patients, employees, and contractors. It was the second incident reported by them in a one-year period. But was this incident unrelated to the … Continue reading Monongalia Health System hacked again? Second incident report in one year.
Luke Gallin reports: Global insurance and reinsurance broker Aon was hit by a cyber attack on February 25th, 2022, according to an 8-K filed with the Securities and Exchange Commission (SEC) in the U.S. In its filing, Aon states that it identified a cy… Continue reading Aon hit by cyber attack
It almost felt like Christmas came early in a winter of despair. As noted yesterday, a Conti member who appears furious with Conti for its statement supporting Russia started dumping internal records from Conti with a statement ending, “Glory to … Continue reading ContiLeaks providing new insights and evidence against Conti
“Oh for f*** sake,” a February 25th message on Signal to me began. RaidForums had been seized, I was told. But had it been? [Note: this article does not link to RaidForums’ site as it is may still be a phishing page.] A WHOIS lookup … Continue reading Why won’t law enforcement answer questions about RaidForums? Or have they just winked?
First they thought their victim hacked them back. Then they appeared to be trolled by a “negotiator” who wasn’t. I don’t know if the Brazilian threat actors who call themselves LAPSUS felt like moving to Australia after a bad da… Continue reading LAPSUS and the Terrible, Horrible, No Good, Very Bad Ransom Day1
Andrew Macfarlane reports: iTCo, which is based in Rotorua, says it was the subject of a ransomware cyberattack in early February. Those responsible are claiming to have stolen more than 4 gigabytes of data. Note: this is not the same firm that Hive th… Continue reading NZ technology company hacked, data stolen
A notification letter template that showed up on the California Attorney General’s site this week is dated “February 19, 2021.” I assume the 2021 is a typo based on the rest of the letter. The letter from Orthopedic Associates of Haw… Continue reading One year later, Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident
Brett Dickerson reports: Victims of past sexual assault who had their DNA collected in a rape kit by the Oklahoma City Police Department now face yet more uncertainty because of a data breach. Rape kits are used to collect DNA evidence by law enforceme… Continue reading OKC Police rape kit info exposed in data breach of DNA contractor
DataBreaches.net does not report on most potential class action lawsuits because many of them will not survive motions to dismiss. This case, however, is a bit more interesting to me because it involves sensitive mental health data, ransomware, leaked… Continue reading QRS Data Breach Exposed Psych Care Consultants Patient Information – Class Action Allegations