John F. Lushis, Jr. of Norris McLaughlin P.A. writes: In December 2005, Pennsylvania enacted the Breach of Personal Information Notification Act (the “2005 BPINA”). Known as the 2005 BPINA Act, its purpose is to provide “for security of computerized data and for the notification of residents whose personal information data was or may have been...
Lauryn Schroeder reports: An October data breach of San Diego Unified School District’s network involved students’ medical information, the district told families in a letter sent this month. Dennis Monahan, executive director of risk services for the district, said an investigation into the breach has revealed that the names and medical information of students...
Patrick Danner reports: Rackspace Technology Inc. won’t have to face proposed class-action litigation in San Antonio over a December ransomware attack that hobbled the cloud computing company. U.S. District Judge Xavier Rodriguez on Thursday sided with Rackspace in dismissing litigation that had been brought by 37 plaintiffs from across the U.S. who lost access to email and related data as a...
DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads,...
Josh Janney reports: A failed cybersecurity attack is responsible for Newport News Public Library branch computers being out of operation the past three weeks. Public computers and printing, faxing and scan-to-email services have all been unavailable since April 25. Library patrons who tried to use public computers at library branches were greeted with signs taped over...
Bill Toulas reports: The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. The issue was discovered by a security researcher known as ‘vdohney,’ who published a proof-of-concept tool allowing attackers to extract the...
Elizabeth Montalbano reports: A threat actor known for targeting Microsoft cloud environments now is employing the serial console feature on Azure virtual machines (VMs) to hijack the VM to install third-party remote management software within clients’ cloud environments. Tracked as UNC3844 by researchers at Mandiant Intelligence, the threat group is leveraging this attack method...
A.J. Vicens reports: A new and increasingly active ransomware group that’s attacked nearly 200 organizations in less than two months has a different spin on its extortion efforts: Don’t pay us, pay a charity. So far, this unnamed group that is at least publicly claiming to be driven by anti-capitalist sentiment and its own...
Lukas I. Alpert reports: A boastful teenage hacker has been charged with orchestrating a break-in to the sports betting website DraftKings, which led to $600,000 being drained from hundreds of customer accounts. Joseph Garrison, 18, of Madison, Wis., is accused of using stolen log-in and password combinations he bought on the dark web to...
Health Breach Notification Rule: FTC wants your insights into proposed changes