Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Meal Delivery Service Hit by Multiple Lawsuits Concerning Data Breach
Description
PurFoods, the parent company of Mom’s Meals, which delivers ready-to-eat meals across the US, faced a new lawsuit in November regarding a cyberattack between January 16 and February 22, 2023. Filed in South Carolina, this lawsuit joins other similar suits accusing the company of negligence leading to the breach of nearly 1.2 million individuals’ personal identifiable information (PII). A key aspect of this case is the inclusion of health information in the compromised data, which brings the incident under HIPAA jurisdiction. The company launched an investigation after detecting suspicious account activity a month after the attack.
Most Maine Residents Become Victims of Cyberattack
Description
The state of Maine recently confirmed that their systems were victims of the MOVEit zero-day vulnerability attack that has impacted at least 1,000 organizations and 60 million individuals since it first appeared on the scene in May of 2023. The state has determined that information of approximately 1.3 million residents, nearly its entire population, was compromised in an attack conducted by a Russian hacking group named CLOP who has taken credit for the MOVEit attacks. MOVEit is a highly popular automated secure FTP application used to move files using an encrypted channel. The attack took place between May 28 and 29, 2023 and affected multiple departments including the Maine Department of Health and Human Services, the Maine Department of Education, the Maine Bureau of Motor Vehicles amongst others. The types of information compromised in the attack included names, social security numbers (SSN), birthdates, driver’s license numbers and taxpayer IDs. Maine confirmed that the breach was limited to the MOVEit file transfer application and did not extend to other systems. The state has issued a public notice to inform its residents about the attack and provide guidance.
(more…)‘Reasonable Security’ News and Headlines Nov 2023
An overview the latest news on ‘reasonable security’ and the impact on the cybersecurity industry. Keep current on the evolution of regulatory requirements and how it may affect you.