Collaborate Disseminate
Uh oh. Brian Krebs reports: In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of s… Continue reading Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its priva… Continue reading FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
Joseph J. Lazzarotti of JacksonLewis writes: The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data po… Continue reading Insights From The IBM 2023 Cost of a Data Breach Report
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the … Continue reading HHS Security Risk Assessment Tool Version 3.4 and Webinars
Yesterday, DataBreaches received a phone call from an employee at St. Vincent Hospital in Green Bay, Wisconsin. The employee was asking if we knew anything about a cyberattack on Hospital Sisters Health System (HSHS) and stated that everything had bee… Continue reading Developing: Hospital Sisters Health System and Prevea Health hit by cyberattack
Cindy Cohn of EFF writes: When a company that collected your personal data negligently fails to secure it, you should have accountability and relief—including standing to sue. EFF and our friends at Electronic Privacy Information Center filed an amicu… Continue reading Fourth Circuit Decision in Marriott Data Breach Case Kicks the Can Down the Road
Katitza Rodriguez of EFF writes: In the heart of New York City, a watershed moment for protecting users against unfettered government surveillance is unfolding at the sixth session of negotiations to formulate the UN Cybercrime Convention. Delegates fr… Continue reading Proposed UN Cybercrime Treaty Threatens to be an Expansive Global Surveillance Pact
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on… Continue reading Joint statement on data scraping and data protection
Joe Tidy reports: A court has found an 18-year-old from Oxford was a part of an international cyber-crime gang responsible for a hacking spree against major tech firms Arion Kurtaj was a key member of the Lapsus$ group which hacked the likes of Uber, N… Continue reading Lapsus$: court finds teenagers carried out hacking spree
Rachel V. Rose, Ted Dziekanowski, and Andy Watkin-Child report: The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, regi… Continue reading SEC Cybersecurity Rule Leans on Materiality and Reasonableness