CyberNews
Grindr named in UK lawsuit over sharing HIV data
Grindr may have unlawfully shared information about its users, including their HIV status, with third-party advertisers, the lawsuit has claimed.
DataBreaches
“A crucial learning experience.” – ICO calls for highest standards in HIV services after NHS Highland reprimand
From the U.K.’s Information Commissioner’s Office (ICO): NHS Highland reprimanded for a “serious” data breach amongst those accessing HIV...
Infosecurity News
UK Regulator: HIV Data Protection Must Improve
ICO issues call after reprimanding NHS Highland
Infosecurity News
YMCA Fined for Data Breach, ICO Raises Concerns About Privacy
Central YMCA was fined £7,500 for a data breach exposing HIV information of support program participants, prompting the ICO to call for stronger privacy protections for people with HIV
DataBreaches
Data breach leads to £10k fine for Scottish charity
Graham Martin reports: A prominent Scottish charity has been fined £10,000 for a data protection breach. The action was taken after HIV Scotland sent out an...
The Record
Privacy nonprofit calls on FTC to investigate Grindr’s data practices
A complaint filed with the Federal Trade Commission (FTC) Wednesday urges the agency to investigate the LGBTQ+ dating app Grindr for potentially illegally storing and disclosing users’ sensitive data, including HIV and vaccination status.
The Record
Grindr's chief privacy officer on the dating app's data controversies
Kelly Peterson Miranda, who took over as Grindr’s chief privacy officer about a year ago, talks with Recorded Future News about the LTBTQ+ dating app's data privacy practices.
DataBreaches
COVID-19 patient sues Health P.E.I. for privacy breach at hospital
Brian Higgins reports: A man who says he was the first person on Prince Edward Island to be hospitalized for COVID-19 is suing Health P.E.I. for breach of...
SecurityWeek
A Sanction Has Been Imposed on a Hacker Who Released Australian Health Insurer Client Data
Russian national sanctioned by the Australian government for his role in the Medibank attack impacting more than 10 million Australians.
DataBreaches
Hackers release Australian health insurer’s customer data
While those of us who report on ransomware groups may not be sure whether to refer to the group responsible for a ransomware attack on Medibank as...
DataBreaches
Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments
Graham Cluley sets the stage nicely: Ouch. One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to...
Infosecurity News
NHS Trust Slammed After IT Snafu Delays Thousands of Referrals
Regulator highlights major data handling errors
DataBreaches
Ransomware threat actors dump NHS records on the ‘dark web’: Highly sensitive medical documents are leaked online after hackers’ £3million Bitcoin ransom is rejected
Last week, this site reported that a U.K. fertility clinic had been impacted by an attack on Stor-a-File, their document scanning vendor. This week, there...
Infosecurity News
Regulator Warns Breaches Can Cost Lives
ICO says handling of domestic abuse victims’ data must improve
The Record
Lawsuit accuses hospital of disclosing patient health data to Facebook
A proposed class action lawsuit alleges that a Seattle-area hospital allowed Facebook’s online tracking tools to access the data of hundreds of thousands of people.
CSO
UK data regulator warns that data breaches put abuse victims’ lives at risk
The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse.
The Record
Russia and China-linked hackers exploit WinRAR bug
Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.
Bleeping Computer
US indicts members of Chinese-backed hacking group APT40
Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018.
Bleeping Computer
Medical software firm fined €1.5M for leaking data of 490k patients
The French data protection authority (CNIL) fined medical software vendor Dedalus Biology with EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation).
SecurityWeek
Hackers Leak Australian Health Records on Dark Web
Hackers began leaking sensitive medical records stolen from Australian health insurer Medibank that had earlier refused to pay the group's ransom demand.
Cyber Security News
Hackers Using Leaked CIA's Hive Multi-Platform Attack Kit in the Wild
It has been reported that a group or individual, whose identity is currently unknown, has released a new "backdoor." This backdoor has been designed to function in a similar manner to a piece of malware known as "Hive," which was developed by the United States Central Intelligence Agency (CIA).
Bleeping Computer
Russians dodging mobilization behind flourishing scam market
Ever since Russian president Vladimir Putin ordered partial mobilization after facing setbacks on the Ukrainian front, men in Russia and the state's conscript officers are playing a 'cat and mouse' game involving technology and cybercrime services.
Bleeping Computer
Cencora data breach exposes US patient info from 11 drug companies
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services.
ZDNet
Maryland officials confirm ransomware attack shut down Department of Health | ZDNet
Health officials said they have to figure out COVID-19 statistics by hand because of the attack.
The Record
UK email mistake put ‘lives at risk’ for Afghans who had worked with British military
The Information Commissioner's Office (ICO) explained its monetary penalty against the Ministry of Defence for exposing email addresses of certain Afghans interested in being relocated to the U.K.
Infosecurity News
NHS Trust Confirms Clinical Data Leaked by Recognized Ransomware Group
NHS Dumfries and Galloway confirmed that patient clinical data was leaked following the attack on its systems earlier in March 2024
DataBreaches
Adventures in Notification, Ethical Dilemma Edition
Long-time readers know that this blogger has encountered some interesting situations over the years in response to trying to engage in responsible disclosure...
Krebs on Security
Who is Alleged Medibank Hacker Aleksandr Ermakov?
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole…
Cyber Security News
Compromised Data of Over 9 Million Health Insurance Users Is Being Exposed On the Dark Web
After hitting Australian telecommunications company Optus, in which the information of over 9 million users has been exposed, cybercriminals have victimized another company — Medibank, one of the largest Australian insurance companies. Following the data breach on Medibank, threat actors have released the personal health information of millions of users they obtained in the attack. […]
DataBreaches
Healthcare entities in Saudi Arabia, Illinois, and Mississippi fall prey to Xing Team
Note: updates to the breaches included in this report appear below the original post. Some threat actors have gained a lot of notoriety while others are lesser...