Published: March 12, 2024
By Annie blog posts
Friday, March 29, 2024
In February, Harvard Pilgrim Health Care updated the number of individuals affected by an April 2023 ransomware attack, adding over 81,000, totaling 2,632,275. This count was increased for the fourth time on Wednesday, with ongoing investigation revealing additional compromised data. The total now stands at least 2,860,795 individuals affected.
Nothing to report.
3. Company Fines
Nothing to report.
Thursday, March 28, 2024
Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.
Current Status:
Computer Guidance Corporation, a developer of cloud-based ERP solutions for the construction industry, announced the completion of its SOC 1 Type II and SOC 2 Type II accreditations.
ArborXR, an enterprise XR management and deployment platform, recently completed the ISO 27001 certification.
3. Company Fines
Nothing to report.
Wednesday, March 27, 2024
Gilmer County, GA has been hit with a ransomware attack. Some services are being impacted, but critical infrastructure, such as the 911 communications center, remains unaffected. A full list of those services which are being disrupted has not been made available.
ChainUp, a global blockchain technology solutions provider, announced the completion of its SOC 2 Type 2 accreditation.
Behavox, the leading provider of AI-driven compliance solutions, announced the completion of its SOC 2 Type 2 accreditation.
Lightspeed Systems, an organization focusing on digital safety, security, and equity solutions to K-12 education, announced the completion of its SOC 2 Type 2 accreditation.
Concentric Advisors, the leading risk management company providing physical and digital security services, recently completed the ISO 27001 certification.
Luma Health, innovator of the market-leading Patient Success Platform™, recently completed the ISO 27001 certification.
Intelinair, an Ag data analytics company, announced the completion of its SOC 2 Type 1 accreditation.
3. Company Fines
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of individuals’ personal data it purchased from data brokers. The consent form to use the data contained flaws and was in violation of the GDPR.
Tuesday, March 26, 2024
The Tarrant Appraisal District confirmed a criminal ransomware attack, reporting the incident to the FBI and Texas Department of Information Resources.
Current Status:
Provenir, a data and AI-powered risk decisioning software company, announced the completion of its SOC 2 Type 2 accreditation.
Katana Technologies, an inventory software solutions for small and medium-sized businesses (SMBs), announced the completion of its SOC 2 accreditation.
SCLogic AB, a provider of innovative logistics and workflow management solutions in Europe, recently completed the ISO 27001 certification.
3. Company Fines
Nothing to report.
Monday, March 25, 2024
Nothing to report.
Beeks Group, specializing in Infrastructure as a Service (IaaS) and ultra-low latency networks tailored for high-frequency trading in capital markets and financial services, announced the completion of its SOC 2 accreditation.
3. Company Fines
Nothing to report.
Friday, March 22, 2024
Wyng, a pioneer in activation platforms for consumer marketing, announced the completion of its SOC 2 Type 2 accreditation.
Trinity M Consulting recently completed the ISO 27001:2022 certification.
Signature Global (India) Limited, a real estate developer, recently completed the ISO 27001:2022 certification.
Antea, a risk-based asset integrity management (AIM) software company, recently completed the ISO 27001:2022 certification.
3. Company Fines
Nothing to report.
Thursday, March 21, 2024
Nothing to report.
Research Transcriptions, a provider of confidential human transcription services for qualitative research, announced that it has achieved both SOC 2 Type I and Type II certifications.
Tenant, Inc., a vertical SaaS technology platform company that offers a complete software ecosystem tailored to the Self-Storage industry, announced the completion of its SOC 2 Type 2 accreditation.
Milliken & Company, a global manufacturer, recently completed the ISO 27001:2022 certification.
3. Company Fines
Nothing to report.
Wednesday, March 20, 2024
Pensacola, FL – The city went through a potential ransomware attack, as it suffered widespread phone outages due to a cyberattack that was first detected over the weekend. The cyberattack disrupted the city’s 311 system and delays across several city departments. More details to come.
Bloomreach, a platform fueling limitless e-commerce personalization, announced the completion of its first SOC 2 Type 2 accreditation.
3. Company Fines
Nothing to report.
Tuesday, March 19, 2024
Nothing to report.
Prevail Legal Inc., a testimony management platform providing legal transcription, court reporting services, and advanced testimony intelligence tools, announced the achievement of SOC 2 Type 2 attestation and ISO 27001 certification.
Dispersive Holdings announced the completion of its first SOC 2 Type 1 accreditation.
IBSFINtech, a global enterprise Treasury Management System (TMS) provider announced its ISO/IEC 27001:2013 certification.
3. Company Fines
In response to a data breach where Medtronic Italia improperly exposed users’ email addresses, the Italian Supervisory Authority (the Garante) conducted a wider investigation into the company’s data handling practices. The Garante found violations of the GDPR regarding security and transparency, resulting in Medtronic being fined a total of EUR 300,000 for both security and transparency failings related to their handling of personal data. Read more here.
Monday, March 18, 2024
The Office of the Colorado State Public Defender – Some personal client was exposed during a ransomware attack last month, when officials shut down the office’s computer network after becoming aware of malware-encrypted data on system. Read more here.
Scranton School District – Their computer system was recently hacked and infected with ransomware last Friday. Read more here.
Zeto, Inc., a commercial-stage medical technology company transforming EEG brain monitoring in healthcare with its innovative EEG headset and advanced cloud platform, announced its renewal of SOC 2 Type II certification.
Nothing to report.
Friday, March 15, 2024
New Mexico Administrative Office of the District Attorney – Still trying to get its two main computer servers working again after a ransomware attack locked prosecutors across the state out of their files Wednesday morning.
RChilli has earned ISO 27001:2022 certification.
Nothing to report.
Thursday, March 14, 2024
Nissan Oceania – After a cyber attack affecting their local IT servers on 5 December 2023, Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks.
Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.
Current Status:
Feroot Security, specializing in client-side security, announced the completion of its first SOC 2 Type 2 accreditation.
Navina, the artificial intelligence (AI)-powered primary care platform that transforms complex, fragmented patient data into actionable insights at the point of care, announced the completion of its first SOC 2 Type 2 accreditation.
Accuserve Solutions, a managed repair service serving the intersection of insurance companies, property owners, and service contractors, announced the completion of its first SOC 2 Type 2 accreditation.
ExploreLearning®, a Cambium Learning Group brand, has earned ISO 27001:2013 certification.
Nothing to report.
Wednesday, March 13, 2024
Nothing to report.
Enertia Software, an upstream oil and gas software solutions company, announced the completion of its first SOC 2 Type 1 accreditation.
Baffle, a security platform company, announced the completion of its first SOC 2 Type 2 accreditation.
Human Managed, a cloud-native data analytics platform, announced the completion of its ISO/IEC 27001:2022 certification.
Samsung Electronics, a digital signage provider, announced the completion of its ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications.
Nothing to report.
Tuesday, March 12, 2024
EquiLend Holdings – LockBit ransomware claimed responsibility for a ransomware attack in January.
Current Status:
Finery Markets, a premier non-custodial crypto ECN, which provides cutting-edge trading infrastructure and software for institutional market players in over 30 countries, announced the completion of its first SOC 2 Type 1 accreditation.
LocaliQ, a Digital Marketing Solutions (DMS) business, announced the completion of its SOC 2 Type II accreditation.
Epicore Biosystems (‘Epicore’), a digital health company developing advanced sweat-sensing wearables to provide real-time personalized hydration insights for performance and safety, announced the completion of its SOC 2 Type II accreditation.
Xantrion, an IT services provider for growing and mid-market businesses, announced the completion of its SOC 2 Type II accreditation.
Regnology, a software provider with a focus on regulatory reporting solutions, announced that its Rcloud platform, completed its SOC 2 Type II accreditation.
Kalmar, part of Cargotec, has been awarded ISO 27001 certification for its Information Security Management System (ISMS).
Nothing to report.
Monday, March 11, 2024
Duvel Moortgat Brewery – The Stormous ransomware gang has claimed responsibility for an attack on Belgium’s Duvel Moortgat Brewery that has snarled production of its flagship Duvel and other beers.
Current Status:
Transak, a prominent cryptocurrency payments provider, has achieved a significant milestone for the Web3 sector by becoming the first worldwide on/off-ramp infrastructure firm to get the SOC 2 Type 2 accreditation.
Janusea, an integration platform provider for fintechs and financial institutions, announced the successful completion of its SOC 2 Type 2 accreditation.
Finery Markets, a premier non-custodial crypto ECN, which provides cutting-edge trading infrastructure and software for institutional market players in over 30 countries, announced the successful completion of its first SOC 2 Type 1 accreditation.
STRADVISION, a trailblazer in the automotive technology sector, announced the successful renewal of its ISO 27001 certification for the fourth consecutive year.
The Italian data protection authority, Garante, announced a fine of 2.8 million euros (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation (GDPR) regarding insufficient security measures the bank had in place during a cyberattack. Read more here.
Swedish payments group Klarna must pay a fine of 7.5 million crowns ($733,324) for violating the EU’s General Data Protection Regulation (GDPR) by not providing sufficient information to its users, a Swedish court of appeal ruled on Monday. Read more here.
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.