Proprietary and Security Incidents

posted by Roy Schestowitz on Sep 10, 2023

• 2023-09-04 [Older] Microsoft state recent cloud outage recovery was slower then hoped due to staff shortage [Ed: Microsoft after laying off tens of thousands of its own workers]

• 2023-09-06 [Older] Microsoft Says Compromise of Its Engineer's Account Led to Chinese Hack of US Officials [Ed: Decoy and distraction. Microsoft changing the subject. It got cracked. It was its own fault. The people who trusted Microsoft pay the price now.]

• 2023-09-07 [Older] Some Windows 11 users are absolutely irate with Microsoft

• 2023-09-05 [Older] Three Decades After Launch, Microsoft's WordPad Is Headed to the Trash Bin

• 2023-09-04 [Older] Microsoft to remove WordPad from Windows in future updates

• 2023-09-06 [Older] Microsoft, Apple want to get their services off the EU's tech gatekeeper list

• 2023-09-06 [Older] EU Designates the Big Six 'Gatekeepers' of Tech that Need to Bow to Regulations

• Class action lawsuit launched against federal government over CRA cyberattack

  The Federal Court of Canada has certified a class action lawsuit against the federal government, which alleges negligence in “safeguarding the confidential information of Canadians, leading to widespread privacy breaches.”

  The suit follows cyberattacks that targeted Canada Revenue Agency accounts and other government services back in 2020.

  The plaintiff, Todd Sweet, a retired police officer from B.C., claims that “inadequate safeguards” within several online government portals threw sensitive information in jeopardy, allowing “bad actors” to access the online accounts of Canadians without their consent.

• DEED: Data security incident may have resulted in some job seekers’ contact info being compromised

  The Minnesota Department of Employment and Economic Development (DEED) says it’s notified job seekers that a recent security incident may have resulted in some personal information being compromised.

  A DEED spokesperson says the agency recently received information about suspicious communications from one or more persons claiming to be representatives of an approved company on the MinnesotaWorks.net website. After confirming they were not affiliated with that employer, DEED says they revoked their access.

• An inexcusable gap from breach to notification, or an excusable one?

  Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach, identify the individuals affected, and restore the reasonable integrity of the data system.”