Joseph Topping reports: Heywood Hospital and Athol Hospital said a network outage this week was caused by a cybersecurity incident. The hospitals said they took affected systems offline and engaged a third-party cybersecurity firm. The facilities—Heywood Hospital in Gardner, Massachusetts, and Athol Hospital in Athol, Massachusetts—remain open and caring for patients; earlier in the week...

Source

Ionut Arghire reports: More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns. Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based...

Source

Jacob Roach reports: You’re constantly leaving your fingerprint all over the internet. You leave it with the personal information you share willingly, the personal information you share unknowingly, and with the mountain of data that gets sent to each website you load. Maybe you know a thing or two about privacy and decided to pick up a...

From a press release by Claro: The Town of Dover has taken a bold step forward in public safety by partnering with Claro to deploy advanced AI-driven surveillance technology across its municipal buildings. This initiative, which enhances both security and operational efficiency, is already being recognized as a model for smart city innovation. With the...

NEW YORK—The United Automobile Workers (UAW), Communications Workers of America (CWA), and American Federation of Teachers (AFT) filed a lawsuit today against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of protected expression online. The complaint asks a federal court to stop this unconstitutional surveillance program, which has silenced and...

Nicole Aljet reports an update on a data breach that had been disclosed by Regal Medical Group in February 2023. Current and former patients who received a notice in early 2023 stating a data breach involving Heritage Provider Network or its affiliates may have exposed their personal or medical information could qualify to claim a cash payment...

Source

Lauren Giella reports: Oklahoma health system Integris Health reached a $30 million settlement in a data breach class action lawsuit that impacted over two million people over two years ago. This agreement settles a class action lawsuit filed in the U.S. District Court for the Western District of Oklahoma that accuses Integris of negligence after...

Source

Yonhap News reports: The Ministry of Science and ICT said Monday it has asked the police to investigate allegations that KT obstructed a government probe into the company’s unauthorized mobile payment breaches. In late August, unauthorized mobile payments worth a combined 240 million won ($168,000) were reported in Seoul and nearby areas after the personal...

Source

Lawrence Abrams reports: Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access “sensitive resources.” “This...

Source

The Information Commissioner’s Office has fined Capita plc and Capita Pension Solutions Ltd a combined £14m following a cyber attack in April 2023 which saw hackers gain access to over 6m people’s data. Stroud News & Journal reports: Outsourcing giant Capita has been fined £14 million by the Information Commissioner’s Office (ICO) for failing to...

Source

Steven L. Imber, Justin T. Liby, Jennifer L. Osborn, Zachary R. Dyer, and Pavel (Pasha) A. Sternberg of Polsinelli PC write: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks.  In the...

Source

As posted on Telegram by Pavel Durov, its founder: Telegram sent this message to all its users in France regarding Chat Control. People must know the names of those who try to steal their freedoms: Today, the European Union nearly banned your right to privacy. It was set to vote on a law that would...

Christopher Brown reports: LinkedIn Corp. must face three related lawsuits alleging it collected the sensitive information of visitors to several health-related websites without their consent in violation of California privacy laws. The individual plaintiffs in two of the proposed class actions adequately pleaded claims of invasion of privacy under the California Constitution and violations of...

GW Law Professor Daniel Solove talks with GW Research Magazine About His Latest Research October 9, 2025 For authoritarian governments, surveillance has always been a powerful tool for stifling dissent and ensuring obedience in a population. Private information gathered on individuals can be used to manipulate, blackmail or threaten them with punishment. In his article,...

Joe Fay reports: An Austrian digital privacy group has claimed victory over Microsoft after the country’s data protection regulator ruled the software giant “illegally” tracked students via its 365 Education platform and used their data. noyb said the ruling [PDF] by the Austrian Data Protection Authority also confirmed that Microsoft had tried to shift responsibility for access requests to...

In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, continues to expose confidential and sealed court records.  Overview As a matter of policy, DataBreaches does not publish unredacted stolen or leaked data if it would expose personally identifiable or...

Source

After days of endlessly urging Salesforce or companies to pay them so that their data would not be leaked, the deadline for Salesforce to pay came and went. And as it went, ScatteredLAPSUS$Hunters leaked data from six of the 39 companies listed on its dark web leak site. But that’s where the massive leak that...

Source

Harvey Cashore, Eva Uguen-Csenge,  and Mark Kelley report: Kelowna nurse Ashley Stone sits down at her kitchen table, opens a bulky blue folder containing a paper trail of 10 years of multiple frauds committed in her name by imposters and gets right to the point. “It’s just been a nightmare.” She says she’s had to...

Source

Theresa Defino reports: Covered entities (CEs) and business associates (BAs) might be forgiven if the most recent HHS Office for Civil Rights (OCR) HIPAA enforcement action evoked little more than a yawn. Yes, the $175,000 payment isn’t a particularly large amount, and the sole alleged violation is a retread. Actually, it’s the 10th in OCR’s...

Source

Heads up to entities doing business in California: your breach notification obligations are changing.  Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been...

Source