Hand-picked headlines from Datarisk Canada’s dedicated cybersecurity curators.
WINNIPEG FREE PRESS: Province Sued Over Privacy Breach Involving 9,000 Children
In August 2020, Children’s Disability Services staff in Winnipeg accidentally sent an email containing confidential information about children with disabilities to about 100 agencies and advocacy groups. The email contained a password-protected spreadsheet including identifying information, but the password was also included in the email. Now, a class-action lawsuit is being filed against the province.
ROBINHOOD: Robinhood Announces Data Security Incident
Robinhood, the stock trading and investing app, announces that they experienced a data security incident November 3. Apparently, an unauthrozed third party obtained access to a limited amount of personal information for a portion of their customers. Robinhood believes that no social security numbers, bank account numbers, or debit card numbers were exposed; however, email addresses of 5 million people and other personal information has been taken.
SKYBOX SECURITY: 83% of Critical Infrastructure Organizations Suffered Breaches, 2021 Cybersecurity Research Reveals
New research suggests that 83% of organizations suffered an operational technology cybersecurity breach in the past 36 months. At the same time, 73% of CIOs and CISOs feel highly confident their organization will not suffer an OT breach this year. In short, organizations underestimate the risk of a cyberattack, while often not putting in place the necessary measures to prevent an attack from happening.
TTC Cyber Attack
GLOBAL NEWS: TTC Cyberattack May Have Stolen Information from Up to 25K Employees, Former Employees
The TTC is now saying that the ransomware attack that occurred two weeks ago may have resulted in the loss of the personal information of up to 25,000 employees. This information may include names, addresses, and social insurance numbers. Those who may have been affected will have credit monitoring and identity theft protection provided by the agency.
FORBES: Countering the Rising Threat of Critical Infrastructure Attacks with a Security-First Approach
Over the past year, we have seen an increase in cyberattacks threatening critical infrastructure entities (Colonial Pipeline, SolarWinds, and JBS, for instance). To defend themselves against this kind of attack, organizations must analyze the current landscape and take a security-first approach, essentially placing security needs as high-priority alongside other business functions.
MINING DOT COM: Ransomware Attack on Mining Operations “Almost Inevitable,” Says Cybersecurity Expert
Last month, Weir, a mining industry supplier, was the victim of a cyberattack that forced it to isolate and shut down its core IT systems. Even before the pandemic, cybersecurity was a growing threat for mining companies, and a recent report from Marsh suggests that cyber threats present a principal risk for mining companies in achieving their goals.