Friday, March 29, 2024

1. Ransomware Attacks

In February, Harvard Pilgrim Health Care updated the number of individuals affected by an April 2023 ransomware attack, adding over 81,000, totaling 2,632,275. This count was increased for the fourth time on Wednesday, with ongoing investigation revealing additional compromised data. The total now stands at least 2,860,795 individuals affected.

2. Certifications

Nothing to report.

3. Company Fines

Nothing to report.

Thursday, March 28, 2024

1. Ransomware Attacks

Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.

Current Status:

• 3/28/24 – The U.S. State Department offered up to $10 million for information on the Blackcat ransomware gang.
• 3/14/24 – UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following the cyberattack.
• 03/06/24 – After 10 days, the company reportedly paid $22M in ransom via bitcoin to get its systems back online.
• 03/02/24 – Still offline.
• 02/28/24 – Services currently unavailable.

2. Certifications

Computer Guidance Corporation, a developer of cloud-based ERP solutions for the construction industry, announced the completion of its SOC 1 Type II and SOC 2 Type II accreditations.

ArborXR, an enterprise XR management and deployment platform, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Wednesday, March 27, 2024

1. Ransomware Attacks

Gilmer County, GA has been hit with a ransomware attack. Some services are being impacted, but critical infrastructure, such as the 911 communications center, remains unaffected. A full list of those services which are being disrupted has not been made available.

2. Certifications

ChainUp, a global blockchain technology solutions provider, announced the completion of its SOC 2 Type 2 accreditation.

Behavox, the leading provider of AI-driven compliance solutions, announced the completion of its SOC 2 Type 2 accreditation.

Lightspeed Systems, an organization focusing on digital safety, security, and equity solutions to K-12 education, announced the completion of its SOC 2 Type 2 accreditation.

Concentric Advisors, the leading risk management company providing physical and digital security services, recently completed the ISO 27001 certification.

Luma Health, innovator of the market-leading Patient Success Platform™, recently completed the ISO 27001 certification.

Intelinair, an Ag data analytics company, announced the completion of its SOC 2 Type 1 accreditation.

3. Company Fines

The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of individuals’ personal data it purchased from data brokers. The consent form to use the data contained flaws and was in violation of the GDPR.

Tuesday, March 26, 2024

1. Ransomware Attacks

The Tarrant Appraisal District confirmed a criminal ransomware attack, reporting the incident to the FBI and Texas Department of Information Resources.

Current Status:

• Hackers demanded $700,000 ransom.

2. Certifications

Provenir, a data and AI-powered risk decisioning software company, announced the completion of its SOC 2 Type 2 accreditation.

Katana Technologies, an inventory software solutions for small and medium-sized businesses (SMBs), announced the completion of its SOC 2 accreditation.

SCLogic AB, a provider of innovative logistics and workflow management solutions in Europe, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Monday, March 25, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Beeks Group, specializing in Infrastructure as a Service (IaaS) and ultra-low latency networks tailored for high-frequency trading in capital markets and financial services, announced the completion of its SOC 2 accreditation.

3. Company Fines

Nothing to report.

Friday, March 22, 2024

1. Ransomware Attacks

2. Certifications

Wyng, a pioneer in activation platforms for consumer marketing, announced the completion of its SOC 2 Type 2 accreditation.

Trinity M Consulting recently completed the ISO 27001:2022 certification.

Signature Global (India) Limited, a real estate developer, recently completed the ISO 27001:2022 certification.

Antea, a risk-based asset integrity management (AIM) software company, recently completed the ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Thursday, March 21, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Research Transcriptions, a provider of confidential human transcription services for qualitative research, announced that it has achieved both SOC 2 Type I and Type II certifications.

Tenant, Inc., a vertical SaaS technology platform company that offers a complete software ecosystem tailored to the Self-Storage industry, announced the completion of its SOC 2 Type 2 accreditation.

Milliken & Company, a global manufacturer, recently completed the ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Wednesday, March 20, 2024

1. Ransomware Attacks

Pensacola, FL – The city went through a potential ransomware attack, as it suffered widespread phone outages due to a cyberattack that was first detected over the weekend. The cyberattack disrupted the city’s 311 system and delays across several city departments. More details to come.

2. Certifications

Bloomreach, a platform fueling limitless e-commerce personalization, announced the completion of its first SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Tuesday, March 19, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Prevail Legal Inc., a testimony management platform providing legal transcription, court reporting services, and advanced testimony intelligence tools, announced the achievement of SOC 2 Type 2 attestation and ISO 27001 certification.

Dispersive Holdings announced the completion of its first SOC 2 Type 1 accreditation.

IBSFINtech, a global enterprise Treasury Management System (TMS) provider announced its ISO/IEC 27001:2013 certification.

3. Company Fines

In response to a data breach where Medtronic Italia improperly exposed users’ email addresses, the Italian Supervisory Authority (the Garante) conducted a wider investigation into the company’s data handling practices. The Garante found violations of the GDPR regarding security and transparency, resulting in Medtronic being fined a total of EUR 300,000 for both security and transparency failings related to their handling of personal data. Read more here.

Monday, March 18, 2024

1. Ransomware Attacks

The Office of the Colorado State Public Defender – Some personal client was exposed during a ransomware attack last month, when officials shut down the office’s computer network after becoming aware of malware-encrypted data on system. Read more here.

Scranton School District – Their computer system was recently hacked and infected with ransomware last Friday. Read more here.

2. Certifications

Zeto, Inc., a commercial-stage medical technology company transforming EEG brain monitoring in healthcare with its innovative EEG headset and advanced cloud platform, announced its renewal of SOC 2 Type II certification.

3. Company Fines

Nothing to report.

Friday, March 15, 2024

1. Ransomware Attacks

New Mexico Administrative Office of the District Attorney – Still trying to get its two main computer servers working again after a ransomware attack locked prosecutors across the state out of their files Wednesday morning.

2. Certifications

RChilli has earned ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Thursday, March 14, 2024

1. Ransomware Attacks

Nissan Oceania – After a cyber attack affecting their local IT servers on 5 December 2023, Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks.

Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.

Current Status:

• 02/28/24 – Services currently unavailable
• 03/02/24 – Still offline
• 03/06/24 – After 10 days, the company reportedly paid $22M in ransom via bitcoin to get its systems back online.
• 3/14/24 – UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following the cyberattack.

2. Certifications

Feroot Security, specializing in client-side security, announced the completion of its first SOC 2 Type 2 accreditation.

Navina, the artificial intelligence (AI)-powered primary care platform that transforms complex, fragmented patient data into actionable insights at the point of care, announced the completion of its first SOC 2 Type 2 accreditation.

Accuserve Solutions, a managed repair service serving the intersection of insurance companies, property owners, and service contractors, announced the completion of its first SOC 2 Type 2 accreditation.

ExploreLearning®, a Cambium Learning Group brand, has earned ISO 27001:2013 certification.

3. Company Fines

Nothing to report.

Wednesday, March 13, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Enertia Software, an upstream oil and gas software solutions company, announced the completion of its first SOC 2 Type 1 accreditation.

Baffle,  a security platform company, announced the completion of its first SOC 2 Type 2 accreditation.

Human Managed, a cloud-native data analytics platform, announced the completion of its ISO/IEC 27001:2022 certification.

Samsung Electronics, a digital signage provider, announced the completion of its ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications.

3. Company Fines

Nothing to report.

Tuesday, March 12, 2024

1. Ransomware Attacks

EquiLend Holdings – LockBit ransomware claimed responsibility for a ransomware attack in January.

Current Status:

• 03/12/24: Notification letters were to employees yesterday that their data was stolen after the attack. Information compromised in the attack included employees’ personally identifiable information, including their names, birth dates, and Social Security numbers.

2. Certifications

Finery Markets, a premier non-custodial crypto ECN, which provides cutting-edge trading infrastructure and software for institutional market players in over 30 countries, announced the completion of its first SOC 2 Type 1 accreditation.

LocaliQ, a Digital Marketing Solutions (DMS) business, announced the completion of its SOC 2 Type II accreditation.

Epicore Biosystems (‘Epicore’), a digital health company developing advanced sweat-sensing wearables to provide real-time personalized hydration insights for performance and safety, announced the completion of its SOC 2 Type II accreditation.

Xantrion, an IT services provider for growing and mid-market businesses, announced the completion of its SOC 2 Type II accreditation.

Regnology, a software provider with a focus on regulatory reporting solutions,  announced that its Rcloud platform, completed its SOC 2 Type II accreditation. 

Kalmar, part of Cargotec, has been awarded ISO 27001 certification for its Information Security Management System (ISMS).

3. Company Fines

Nothing to report.

Monday, March 11, 2024

1. Ransomware Attacks

Duvel Moortgat Brewery – The Stormous ransomware gang has claimed responsibility for an attack on Belgium’s Duvel Moortgat Brewery that has snarled production of its flagship Duvel and other beers.

Current Status:

• 03/8/24 – The production site in Puurs-Sint-Amands in Belgium had been brought online, but the other four were still shut down.

2. Certifications

Transak, a prominent cryptocurrency payments provider, has achieved a significant milestone for the Web3 sector by becoming the first worldwide on/off-ramp infrastructure firm to get the SOC 2 Type 2 accreditation.

Janusea, an integration platform provider for fintechs and financial institutions, announced the successful completion of its SOC 2 Type 2 accreditation.

Finery Markets, a premier non-custodial crypto ECN, which provides cutting-edge trading infrastructure and software for institutional market players in over 30 countries, announced the successful completion of its first SOC 2 Type 1 accreditation.

STRADVISION, a trailblazer in the automotive technology sector, announced the successful renewal of its ISO 27001 certification for the fourth consecutive year.

3. Company Fines

The Italian data protection authority, Garante, announced a fine of 2.8 million euros (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation (GDPR) regarding insufficient security measures the bank had in place during a cyberattack. Read more here.

Swedish payments group Klarna must pay a fine of 7.5 million crowns ($733,324) for violating the EU’s General Data Protection Regulation (GDPR) by not providing sufficient information to its users, a Swedish court of appeal ruled on Monday. Read more here.