Approximately 60 credit unions are grappling with service disruptions following a ransomware attack on Trellance, a third-party IT vendor catering to the industry, as reported by the National Credit Union Administration (NCUA) on Friday. Trellance subsidiaries, including Ongoing Operations and FedComp, have confirmed the cyber incident, with Ongoing Operations specifying a ransomware attack on November 26.
A recent ruling by the European Court of Justice (ECJ) in the case of German property company Deutsche Wohnen is expected to have far-reaching financial implications for organizations found in breach of the General Data Protection Regulation (GDPR). Legal experts have deemed the decision a "landmark" ruling, altering the landscape of GDPR enforcement.
The U.S. Department of Health and Human Services (HHS) has introduced a comprehensive cybersecurity strategy aimed at fortifying the resilience of the health care sector against the escalating threat of cyber-attacks. The concept paper, aligned with President Biden's National Cybersecurity Strategy, outlines four pivotal pillars for action with a focus on bolstering cybersecurity for hospitals, patients, and communities vulnerable to cyber threats.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a crucial mitigation guide aimed at fortifying the cybersecurity defenses of the Healthcare and Public Health (HPH) Sector. The new guidance, a supplement to the HPH Cyber Risk Summary released on July 19, 2023, outlines strategic measures to combat pervasive cyber threats affecting the sector.
Rivers Casino in Des Plaines has disclosed a data breach that occurred in mid-August, highlighting the vulnerabilities that businesses, even in the entertainment and hospitality sector, face in the digital age.
The government of Maine recently disclosed that approximately 1.3 million residents fell victim to a massive data breach earlier this year, out of a population of 1.37 million. The breach, which occurred in May, was part of a widespread cyberattack that exploited a vulnerability in the widely used MOVEit file-transfer system, impacting not only Maine but also several U.S. federal agencies, including the Department of Energy and the Department of Health and Human Services (HHS).
The French data protection authority, known as the CNIL, has been actively enforcing its new simplified sanction procedure, which was introduced in 2022. Over the past two months, the CNIL has issued ten new decisions under this streamlined approach, imposing fines totaling €97,000 on both private and public-sector entities. These sanctions were a result of violations of various data protection requirements, highlighting the authority's commitment to upholding privacy and data protection regulations.