IT Governance

JANUARY 7, 2020

In our first review of 2020, we look at a new twist on a PayPal scam, and discuss data breaches at an IVF treatment facility and in the Singapore government. The symbol simply signifies that the site has an SSL certificate, which means the information shared between your computer and the website is encrypted.

Phishing 94

Phishing Passwords Access Government 94

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. He declined to comment on the particulars of the extortion incident.

Ransomware 341

Ransomware Security Agriculture Cybersecurity 341

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 68

Financial Services Cybersecurity Insurance Risk 68

Security Affairs

MAY 1, 2020

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files. According to Maze, the bank’s network remained unsecured at least since February 2020. ” reads a post published by Cyble.

Ransomware 136

Ransomware Encryption Insurance Data breaches 136

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Tue, 12/22/2020 - 10:08. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. The 2020 analysis found that customer data was by far the most-commonly compromised type of record with 80% of breached organizations saying that customer PII was affected.

Data Privacy 118

Data Privacy Privacy Security Encryption 118

Security Affairs

APRIL 24, 2020

The crew has published images of the data they claim to have stolen before encrypting the systems at the company. pic.twitter.com/0gykQl53Ft — Under the Breach (@underthebreach) April 23, 2020. pic.twitter.com/0gykQl53Ft — Under the Breach (@underthebreach) April 23, 2020. – The company is traded on NASDAQ.

Ransomware 103

Ransomware Insurance Data breaches Encryption 103

Security Affairs

APRIL 6, 2020

Below the timeline of the discovery: Date discovered: January 2020 Date Key Ring and AWS contacted: 18th February 2020 Date of Action: 20th February 2020. Data contained in the database includes emails, home addresses, device and IP address information, encrypted passwords and the “salt” randomized data used to encrypt them. “In

Retail 105

Retail Encryption Insurance Passwords 105

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). GDPR-style data privacy laws came to the U.S.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

Krebs on Security

APRIL 3, 2023

.” As KrebsOnSecurity reported in 2020, Bruno was at the time promoting himself as the co-CEO of a company called SafeSwiss Secure Communication AG , and the founder of another tech startup called Secure Swiss Data. According to DomainTools.com , that website name was registered in 2015 by The Inside Knowledge GmbH.

Communications 207

Communications Marketing Security Insurance 207

Thales Cloud Protection & Licensing

FEBRUARY 15, 2023

Double extortion ransomware is a growing type of cyber-attack in which a victim’s sensitive data is first stolen, and then encrypted, giving the criminal the option of demanding two separate ransom payments. Simplistically, suppose the sensitive data is already encrypted. To learn more, contact an encryption specialist.

Ransomware 71

Ransomware Encryption Security awareness Cybersecurity 71

eSecurity Planet

OCTOBER 5, 2021

Estimates vary, but a recent FortiGuard Labs Global Threat Landscape Report found an almost 10-fold increase in ransomware attacks between mid-2020 and mid-2021. The focus is on recovering deleted and encrypted files as quickly as possible. Data is recovered remotely or returned on encrypted media. And the threat is growing.

Ransomware 139

Ransomware Encryption Cybersecurity Insurance 139

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!! Zero Trust.

Ransomware 97

Ransomware Encryption Insurance Cloud 97

eSecurity Planet

OCTOBER 18, 2021

” Nicko died nine months later, on April 16, 2020. ” Cyber Insurance No Longer Reliable. ” Cyber Insurance No Longer Reliable. ” Crockett said unofficial numbers indicate that only about 10 percent of such cyber insurance claims are paid out. “And the war can be multi-pronged.

Ransomware 104

Ransomware Insurance Digital transformation Cybersecurity 104

Security Affairs

JUNE 17, 2020

“On May 24, 2020, we discovered a security incident affecting some of our systems. “Our investigation to-date has identified evidence of unauthorized access to our systems from approximately April 15, 2020 until May 24, 2020. .” The company already sent a data breach notification to the impacted individuals.

Ransomware 97

Ransomware Data breaches Military Cybersecurity 97

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the threat actor obtained access to the EyeMed email account on approximately June 24, 2020 and not only obtained access to six years’ worth of information, but also began sending 2,000 phishing emails on July 1. EyeMed neither admitted nor denied the AG’s findings in the settlement. Background.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Data Protection Report

JANUARY 5, 2021

The proposed regulation specifically includes as an example of a notification incident a “ransom malware attack that encrypts a core banking system or backup data.” The term “notification incident” would mean that a banking organization believes in good faith a computer security incident” could materially disrupt, degrade, or impair—.

Insurance 141

Insurance Paper Encryption Security 141

Security Affairs

SEPTEMBER 10, 2020

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

Ransomware 66

Ransomware Data breaches Insurance Encryption 66

Security Affairs

APRIL 8, 2020

“On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. “We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our volunteers’ screening visits. A criminal group called Maze has claimed responsibility.”

Ransomware 103

Ransomware Data breaches Encryption Financial Services 103

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. 3 ],[ 4 ]” reads the joint alert.

Ransomware 113

Ransomware Phishing Encryption Risk 113

IT Governance

NOVEMBER 20, 2023

Records breached: Unknown ALPHV/BlackCat attacks MeridianLink then reports it to the SEC Date of breach: 7 November Breached organisation: MeridianLink Incident details: The ALPHV/BlackCat ransomware group has added the software company MeridianLink to its leak site, having exfiltrated data without encrypting company systems.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Data Protection Report

APRIL 30, 2024

In December 2020, the company revised its privacy policy (increasing its size to 15 pages) and added a statement that it used Facebook Pixel, a web analytics and advertising service by Facebook, Inc. As indicated in the paragraph quoted above, the company collected some very sensitive personal information.

Personal data 85

Personal data Privacy Information governance Compliance 85

HL Chronicle of Data Protection

FEBRUARY 25, 2020

It applies to any “Covered Entity,” which is defined broadly to include “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. A hearing on the matter will be held on October 26, 2020 at the office of the NYDFS. NYCRR 500.14(b):

Cybersecurity 85

Cybersecurity Risk Financial Services Insurance 85

eSecurity Planet

SEPTEMBER 10, 2021

For ransomware attacks where network data gets encrypted , backups are the definitive method for restoring network infrastructure. Coveware reported earlier this year the average downtime for ransomware victims jumped from 15 days in 2019 to 21 days in 2020. Beyond Encryption: Exfiltration and Extortion.

Ransomware 120

Ransomware Encryption Cybersecurity Access 120

Hunton Privacy

MAY 9, 2019

The expanded definition also includes any of these data elements or combination thereof without the consumer’s name if the data is not encrypted or redacted, or if the data would enable a person to commit identity theft. The amendments take effect March 1, 2020.

Data breaches 68

Data breaches Passwords Insurance Military 68

eSecurity Planet

SEPTEMBER 14, 2022

billion in reported losses, up from 2020’s 791,790 complaints and $4.2 Finance and insurance finished a close second at 22.4%. Finance and insurance companies were particularly vulnerable to the sort of phishing scams we’re talking about. In 2020 alone, 79 ransomware attacks were conducted against government entities in the U.S.,

Energy and Utilities 120

Energy and Utilities Phishing Blockchain Cybersecurity 120

DLA Piper Privacy Matters

MAY 5, 2020

Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. Personal data may be processed for a wide variety of purposes such as driver safety, insurance and efficient transportation.

Privacy 69

Privacy Personal data GDPR Insurance 69

eSecurity Planet

AUGUST 27, 2021

Aravo was named a Leader in Forrester Wave for TPRM and a Challenger in the Gartner Magic Quadrant for IT VRM Tools in 2020. Galvanize was a Leader in the Forrester Wave’s TPRM report and the Gartner Magic Quadrant for IT VRM in 2020. RSA Archer was a Leader in the Gartner Magic Quadrant for IT VRM Tools in 2020.

Risk 130

Risk Compliance Marketing Cybersecurity 130

Hunton Privacy

MARCH 24, 2020

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) went into effect.

Encryption 73

Encryption Passwords Compliance Risk 73

eSecurity Planet

JANUARY 21, 2021

Archer was named a Leader in Gartner’s 2020 Magic Quadrant for IT risk management and IT vendor risk management tools. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. Plus, Forrester named it a Leader in its Q1 2020 GRC Wave. See our in-depth look at RSA Archer. LogicManager. Back to top. Riskonnect.

Compliance 67

Compliance Risk Government Retail 67

Data Matters

OCTOBER 8, 2020

On October 1, 2020, the U.S. Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. 1, 2020, [link]. sanctions law violations if U.S.

Ransomware 68

Ransomware Compliance Risk Government 68

eSecurity Planet

JANUARY 21, 2021

Archer was named a Leader in Gartner’s 2020 Magic Quadrant for IT risk management and IT vendor risk management tools. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. Plus, Forrester named it a Leader in its Q1 2020 GRC Wave. See our in-depth look at RSA Archer. LogicManager. Back to top. Riskonnect.

Compliance 57

Compliance Risk Government Retail 57

Thales Cloud Protection & Licensing

JULY 12, 2018

billion devices will be connected to the Internet by 2020 2. Employing asymmetric cryptography, PKIs manage the key pairs used for signing and encrypting data. If these critical keys are compromised, certificates and encrypted data are at risk. Connected devices outnumber people. billion 1 , and Gartner projects over 20.8

IoT 72

IoT Encryption Agriculture Data collection 72

IT Governance

SEPTEMBER 1, 2022

In other news… Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident Brazilian police launch investigation targeting Lapsus$ group South Korea to ban 16 unregistered overseas crypto exchanges. announces security breach (unknown) The Country Club at Woodfield, Inc.

Data breaches 116

Data breaches Ransomware Energy and Utilities Phishing 116

Adam Levin

NOVEMBER 17, 2020

And like everything else in 2020, these next few weeks promise to be a disaster. VPNs encrypt data , making it much harder to intercept when transmitted through a shared or suspect internet connection. SSLs ensure all data is encrypted. The holiday season is the most wonderful time of the year for scammers. Look for the lock.

Retail 97

Retail e-Delivery Passwords Phishing 97

Data Protection Report

JANUARY 7, 2019

Entities covered by the Regulation, which includes not only banks and insurers, but also other financial service institutions and licensees regulated by the DFS that utilize third-party service providers, will be required to implement third-party risk management programs by March 1.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40