List of data breaches and cyber attacks in February 2020 – 623 million records breached

IT Governance

San Diego school district investigating after online grading system hacked (unknown). Preschool services provider Educational Enrichment Systems discloses cyber attack (unknown). Columbus County Schools gives update after systems wiped by cyber attack (5,673).

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

The Last Watchdog

Unfortunately, despite steady advances in malware detection and intrusion prevention systems, and much effort put into training employees to be wary of suspicious email, weaponized email and document-based malware remain as virulent as pervasive as it was two decades ago. A lot of business today rely on using these basic tools on a daily basis, for HR to review resumes, to process insurance claims, to open up financial tables, all those kinds of things,” Grafi noted.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

£60 million in recovery costs for Norsk Hydro after refusing ransom demand

IT Governance

For a few hundred thousand pounds, Norsk Hydro could have bought a decryptor from the blackmailers and restored its systems. On 19 March 2019, Norsk Hydro’s systems were infected with the LockerGoga ransomware. TrendMicro’s analysis into the ransomware found that it was the same system administration tool abused by the likes of SOREBRECT and Bad Rabbit. Backups enable organisations to wipe the infected systems and restore a previous version.

Italy: Privacy law integrating the GDPR adopted, what to do?

DLA Piper Privacy Matters

This is good news as for instance it might introduce an exemption to the need of prior consent for the processing of health data by insurance companies as part of the data processing activities functional to the insurance policies which is currently provided by the above mentioned general authorization issued under the current Italian Privacy Code.

GDPR 43

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

While state AGs have previously exercised their civil enforcement authorities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this is the first multi-state data breach lawsuit alleging HIPAA violations in federal court and may signal increased interest on the part of state officials in exercising their data protection authorities to address cybersecurity incidents. million individuals from the Company’s systems.

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

Specifically, researchers believed that the current version of SB 315 could chill security research—both the purely academic and the “white hats”—ultimately discouraging individuals from identifying vulnerabilities in networks and alerting system administrators of the issues. Organizations have employed bug bounty programs in an effort to encourage researchers to report security flaws in their systems.