In a recent development, an arrest has been made in connection with the data breach at the Police Service of Northern Ireland (PSNI). As previously reported, the private information of all 10,000 serving officers and staff at PSNI were inadvertently leaked due to an employee error. The leaked data quickly started circulating on the internet, and on Monday, a redacted document allegedly exposed in the breach was posted on a wall facing a Sinn Fein office in Belfast. This incident raised concerns about the potential risks posed by the leaked information falling into the wrong hands.
According to reports from The Sun, a man was arrested on suspicion of collecting information likely to be useful to terrorists. Authorities have been working diligently to address the risks posed to officers and staff, and this arrest is just one part of a larger operation aimed at disrupting criminal activity associated with the data breach. Following his arrest, the man was questioned at Musgrave Serious Crime Suite and later released on bail. Detective Chief Superintendent Andy Hill emphasized that the investigation would continue to ensure the safety of communities and the police officers and staff who serve them.
In other news, leading US hospital Johns Hopkins University and Health System is facing several class action lawsuits brought by patients whose private data was compromised in a data breach. The breach occurred as a result of hackers exploiting vulnerabilities in the popular MOVEit file transfer protocol. Approximately 300,000 individuals were impacted by the breach at Johns Hopkins University, and it is estimated that a total of 46 million individuals worldwide have been affected by the MOVEit mass-hack.
The Baltimore Banner spoke with cyber experts who pointed out that organizations like Johns Hopkins face significant challenges in avoiding exploitation through the MOVEit bugs. Even with the best cybersecurity systems, processes, and people in place, organizations can still be vulnerable to these types of attacks. The issue lies in the difficulty of fully vetting trusted third-party applications like MOVEit, regardless of how secure an organization’s own systems are. Massachusetts-based Progress Software, the developer behind MOVEit, has been named as a co-defendant in three of the lawsuits against Johns Hopkins and other breached organizations.
Attorney Benjamin Yelin highlighted that the plaintiffs in these cases might struggle to demonstrate legal standing due to the lack of specific examples of harm suffered by the victims. Although some victims claim to have lost time monitoring their accounts for suspicious activity, these claims are often seen as too vague to confer legal standing. Yelin argued that blaming the victims without any proof of negligence in handling the data is unjust and does not contribute to finding a solution for preventing similar breaches in the future.
In another incident, the Liquor Control Board of Ontario in Canada disclosed a data leak caused by a third-party that exposed subscribers’ data. The breach allowed an unauthorized party to access information such as names, email addresses, dates of birth, postal codes, and Aeroplan numbers. The breached vendor responsible for distributing promotional emails, Conversion Digital, embedded malicious code on the board’s website. As a result, the LCBO had to temporarily disable customer access while conducting an investigation. The Office of the Information and Privacy Commissioner of Ontario has been notified of the incident.
Lastly, GEICO, an American auto insurance company, has disclosed a third-party data breach that may have exposed employee data to unauthorized parties. The breach is believed to be linked to a vulnerability in the MOVEit software. GEICO has advised its employees to freeze their credit as a precautionary measure. However, the company has stated that no customer data are at risk.
Damir J. Brescic, Chief Information Security Officer at Inversion6, raised concerns about GEICO’s cybersecurity posture in light of this incident. Brescic recommended implementing regular security updates for software like MOVEit, as well as robust access control and authentication mechanisms to prevent unauthorized access to sensitive data. He also emphasized the importance of using strong and unique passwords, enabling two-factor authentication, and regularly monitoring financial statements and credit reports to detect any suspicious activity resulting from a data breach.
As organizations continue to grapple with the increasing threat of data breaches, it is essential to prioritize cybersecurity measures and establish stringent protocols to mitigate risks.