On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.

Of the $2 million, $750,000 will be

Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our

This week, the Federal Trade Commission (FTC) and ten states settled charges against the Florida-based cruise line, Caribbean Cruise Line, Inc. (CCL), for an illegal telemarking campaign that inundated consumers with billions of unwanted robocalls. In settling these charges, CCL’s owner, Fred Accuardi, and all of his companies are barred from robocalling and illegal telemarketing.

My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks.

Little Red Door is a small not-for-profit agency in Indiana devoted to help cancer victims during their treatment, recovery and end of life. Its mission is to help people suffering with cancer.

On January 11, 2017, TheDarkOverlord attacked Little Red Door with ransomware and demanded a payment of 50 Bitcoin (approximately $43,000) for return of the data. If the ransom wasn’t paid, the threat was that confidential information would be disclosed to the public.
Continue Reading Cancer Services Provider Confronts Ransomware Bully

Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process of notifying the affected patients whose information was exposed. According to Orleans, when it upgraded its server, its

Indiana Governor Mike Pence announced last week the formation of the Indiana Executive Council on Cybersecurity through an Executive Order. The Council, comprised of 23 members from public and private organizations, is designed to be a public-private partnership to work together to protect the state from online threats.

In announcing the Council, the Governor stated

UCLA was absolved by a California judge last week in a suit filed by a patient of a UCLA affiliated doctor’s group, who alleged that a temporary worker in the doctor’s office used the doctor’s username and password to get into her boyfriend’s previous girlfriend’s medical record. The medical record contained information that the previous