Feb 252018

Rob O’Neill reports:

Thousands of Inland Revenue files were locked up after New Zealand’s tax department became the target of a cryptolocking attack in November.

IRD said that in addition to the phishing emails targeting customers, the department also regularly receives phishing emails attempting to obtain money or information or to compromise the Inland Revenue environment.

“In November 2017, a link in a phishing email was clicked on resulting in a cryptolocker malware executing within Inland Revenue which encrypted 3500 files,” a statement said.

Read more on Reseller News.

Feb 252018

The province’s Privacy Commissioner has made a number of recommendations in light of a recent case involving a parking enforcement officer who was assaulted while on duty in December of 2017.

Commissioner Donovan Molloy’s report says while the matter was reported to the RNC and the man’s superiors, he took matters a step further and asked another City of St. John’s employee to access the alleged assailant’s personal information stored on the Motor Registration Database.

The information was collected and given to the parking enforcement officer, resulting in a privacy breach under the Access to Information and Protection of Privacy Act.

Read more on VOCM.

Feb 242018

KHOU reports:

Information about City of Houston employees’ health insurance may have been compromised after an employee’s laptop computer was stolen.

City officials say the laptop was stolen from the employee’s car on Feb. 2. They say the password-protected computer may have contained city employees’ records, including names, addresses, dates of birth, Social Security numbers and other medical information.

Read more on KHOU.

Feb 232018

Luana Pascu reports:

SamSam ransomware is back and the Colorado Department of Transportation is its most recent victim. More than 2,000 agency computers had to be shut down on Feb 21 to prevent the ransomware from spreading across the entire infrastructure.

According to CBS local news, the critical systems used to manage road traffic and alerts were not affected. The attackers encrypted some files and requested bitcoin in exchange for the decryption key.

Read more on Hot for Security.

Feb 222018

From the what-the-HELL-were-they-thinking department:

A former local authority education worker who illegally shared personal information about schoolchildren and their parents has been prosecuted.

Samira Bouzkraoui, 24, took a screenshot of a council spreadsheet concerning children and their eligibility for free school meals before sending it to the estranged parent of one of the pupils via Snapchat.

The image included the names, addresses, dates of birth and National Insurance numbers of 37 pupils and their parents. She also sent a copy of a school admission record relating to another child.

The defendant was at the time employed as an apprentice in the schools admissions department of Southwark Council and had received training in data protection. She declined to answer any questions when interviewed by the Information Commissioner’s Office (ICO).

Bouzkraoui, of Scovell Road, London, appeared before Westminster magistrates and admitted three offences of unlawfully obtaining and disclosing personal data, in breach of s55 of the Data Protection Act 1998. She was fined £850 and was also ordered to pay £713 costs.

ICO Criminal Enforcement Manager Mike Shaw said:

“This is yet another example of how people whose jobs give them access to personal data can end up in serious trouble after allowing temptation to get the better of them.

”Parents have the right to know that their personal information, and that of their children, is being treated with respect and in accordance with the law. Anybody who ignores that right and that law has to accept the consequences.”

SOURCE: Information Commissioner’s Office

So what has Southwark Council done to prevent this from happening again? Everyone tells me that councils have very few resources on infosecurity, so…..?