Resources

The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn’t report it to the district until last month, officials said.

Media giant Nikkei’s Asian unit has been hit by a ransomware attack. While the extent of the attack and whether or not customer data was leaked is still unknown, Nikkei has been forced to shut down affected servers as they investigate further. This attack follows a 2019 incident where Nikkei lost $29 million in a single wire transfer due to a business email compromise scam.

The UK’s data protection watchdog has confirmed a penalty for the controversial facial recognition company, Clearview AI — announcing a fine of just over £7.5 million today for a string of breaches of local privacy laws.

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief providing information on the cyber organizations of the Russian Intelligence Services which pose a threat to organizations in the United States, including the healthcare and public health (HPH) sector.

The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state consumer privacy law. The CPDA goes into effect on July 1, 2023, and exempts nonprofits, qualifying covered entities, and business associates subject to the Health Insurance Portability and Accountability Act, and data in an employment or commercial B2B context.

Thousands of files of student data — including Social Security numbers, medical records and academic transcripts — were exposed to all students and employees in the DeKalb County School District’s network, according to a high school student newspaper.

The personal information of almost 2 million Texans who filed claims with the Texas Department of Insurance was exposed and publicly available for nearly three years, according to a state audit released last week.

New data about the real-time-bidding (RTB) system’s use of web users’ info for tracking and ad targeting, released today by the Irish Council for Civil Liberties (ICCL), suggests Google and other key players in the high velocity, surveillance-based ad auction system are processing and passing people’s data billions of times per day.

McKenzie Health System in Sandusky, MI, has recently started notifying 25,318 patients that some of their protected health information has been stolen in a recent security incident which has caused disruption to the operations of some of its systems. On March 11, 2022, suspicious activity was detected within its IT systems. Steps were immediately taken to secure those systems and a third-party investigator was engaged to determine the nature and scope of the security breach.

This week, the Oklahoma City Indian Clinic (OKCIC) announced that it had suffered from a data breach that exposed personally identifiable information of roughly 40,000 individuals. The clinic identified a security incident that affected its computer system on May 12, according to a notice posted on the clinic’s website. The OKCIC also confirmed that they had enlisted the help of a third-party forensic firm to determine the full impact and scope of the security incident.