Watchdog calls for mandatory data breach notification laws in Victoria

Joseph Brookes reports: Victoria’s privacy watchdog has called for data breach notification laws in the state after a government department failed to tell people their data had been exposed in a serious breach by a man convicted of sexually assaulting a child. The former case worker, Alexander Jones, is currently serving a six-year prison sentence...

OIG Warns USCIS Over Unauthorized Access to Systems and Information

Kylie Bielby reports: The Office of Inspector General (OIG) says U.S. Citizenship and Immigration Services (USCIS) did not apply the access controls needed to restrict unnecessary access to its systems, networks, and information. Access controls help to limit individuals from gaining inappropriate access to systems or data. But an OIG audit has found that...

Kansas school district pulls messaging app after data breach

KWCH reports: Andover Public Schools said it has pulled the popular messaging app, Seesaw after the app was hacked. According to the Seesaw website, the app is used by 10 million teachers, students and family members, but the company declined to say how many users were affected by the hack. In a letter to...

Breach of software maker used to backdoor ecommerce servers

Dan Goodin reports: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig’s...

Tax fraud ring leader jailed for selling children’s stolen identities

Sergiu Gatlan reports: The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of thousands of children on welfare and helping “customers” to falsely claim tax credits, causing tens of millions of dollars in tax loss. His “customers” used the stolen identity...

Buenos Aires legislature announces ransomware attack

Jonathan Greig reports: The legislature of Argentina’s capital city announced a ransomware attack this week, saying that its internal operating systems were compromised and WiFi connectivity was down. In several tweets, the account for the legislature of Buenos Aires said the attack began on Sunday and took down the building’s WiFi network, among other...

Three Iranian Nationals Charged With Engaging In Computer Intrusions And Ransomware-Style Extortion Against U.S. Critical Infrastructure Providers

NEWARK, N.J. – An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen announced today. As alleged in the indictment, from October 2020 through the present,...

A busy morning for those tracking ransomware in the healthcare sector

It is turning out to be a somewhat busy morning here because three new incidents in the healthcare sector reportedly involved ransomware or ransom attempts. DataBreaches was already aware that Medical Associates of the Lehigh Valley notified HHS of a breach impacting 75,268 patients, but their notification letter reveals that this was a ransomware...