Here’s a round-up of interesting reading we found online today*;
Data Breach at Bank of America. Bank of America Corporation has disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP). The breach occurred on April 22, as Bank of America uploaded PPP applications onto the U.S. Small Business Administration's test platform, according to a filing with the California Attorney General Xavier Becerra's Office. The limited-access platform allowed lenders to test PPP submissions before the second round began. Bank of America notified principal owners after the bank uploaded the loan applications of some customers to “limited access, controlled” Small Business Administration (SBA) test application platform, according to a letter to customers made public by the California attorney general’s office.
Earlier this month, Arbonne, a multi-level marketing company advertising vegan skincare, cosmetics, and nutrition products, disclosed a data breach affecting 3,527 California residents. However, the total number of impacted individuals remains unknown, as other states may be affected as well. Residents of Maryland, New York, New Mexico, North Carolina and Rhode Island residents are encouraged to get in touch with their Attorney General for additional information.
Kansas University Data Breach Affects Current, Former Students. The data breach happened in December 2018 and compromised the personal information of Wichita State University students as far back as two decades. One of the victims wants to file a class-action lawsuit.
Hacker Stealing SQL Databases to Extort Online Shop Owners. There’s a wave of SQL database encryption, stealing, and extortion that is targeting e-commerce websites. Actors are requesting about five hundred dollars in ten days, or else they publish the data online. The threat actors are possibly selling these databases to others on the dark web, maximizing their profits.
Good blog post "Commentary - How GDPR and CCPA Apply to Unstructured Enterprise Data. Unstructured data risk management is a core component of GDPR, CCPA and any other data privacy regulatory and compliance priority".
The Australian Cyber Security Centre (ACSC) has issued advice on cyber-attack methods being widely deployed by cybercriminals and state-sponsored advanced persistent threat (APT) groups. Based on ACSC investigations into cyber-attacks against Australian organizations in 2019 and 2020, the advisory outlines the various ways attackers are gaining access to vulnerable systems, exfiltrating data, and executing malicious commands, among other nefarious goals.
*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.