Stay up-to-date on what is happening with privacy laws, as well as stories about leaks of private information from security breaches in the public and private sector. 360Civic has provided emergency services to individuals, businesses, police organizations and courts in the wake of hacking incidents and ransomware attacks.
Last updated: April 17, 2024
To Our Friends in the Media
If you are a member of the media and would like more information about any of these stories, or input from our CEO on privacy laws, the danger of privacy hacks, or how online privacy protection works, please contact us at press@360civic.com.
Phishing and Ransomware Attacks
Omni Hotels says customers' personal data stolen in ransomware attack
Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.
Change Healthcare’s ransomware attack costs edge toward $1B so far
UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million. That's on top of the amount in advance funding and interest-free loans UnitedHealth provided to support care providers reeling from the disruption, a sum said to be north of $6 billion.
Hackers post Tarrant County property owners’ data from ransomware attack on dark web
Medusa, the hacking group responsible for the ransomware attack on the Tarrant Appraisal District, has published data on the dark web it obtained from the attack, TAD said Tuesday. Content on the dark web is not accessible by search engines and requires a special browser. The 300 individuals whose information has been compromised have been notified via mail.
Why cybersecurity investigators fear ransomware hacks may get worse
In the past year -- hospitals, pharmacies, tech companies, Las Vegas' biggest hotels and casinos have been paralyzed by "ransomware" attacks, in which hackers break into a corporate network, encrypt, or lock up critical files and hold them hostage until a ransom is paid. It's a crime that has been growing more costly and disruptive every year. Now cybersecurity researchers fear it's about to get worse, with the emergence of an audacious group of young criminal hackers from the U.S., U.K. and Canada the FBI calls Scattered Spider. More troubling, they have teamed up with Russia's most notorious ransomware gang.
Missouri county declares state of emergency amid suspected ransomware attack
Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.
New York City payroll website has been down for a week, following phishing attack
The administration of Mayor Eric Adams took its payroll website partially offline for the last nine days in response to a recent phishing scheme targeting city employees — leaving the city’s roughly 300,000 full time workers with limited access to essential forms as Tax Day nears.
Here Are the Most Impersonated Brands in Phishing Attacks
It turns out that Microsoft was the most impersonated brand by far, with 68 million phishing emails sent out using its name in 2023 alone. Of these 68 million emails, 20 million talked about an Office 365 subscription because of the fact that this is the sort of thing that could potentially end up making users more likely to click.
New Twist on Phishing Attack Targets Apple Users With Password Resets
If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users.
The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs.
After years of ransomware attacks, health-care defenses still fail
Federal officials and industry executives have known for years that the U.S. health-care system was one of the critical industries most vulnerable to hacking but failed to make the improvements that might have stopped attacks like the one that has crippled pharmacists and other medical providers for three weeks.
The state of ransomware: Faster, smarter, and meaner
The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were brought to bear on both sides of the war, promising to make an even bigger impact this year. Ransomware payments hit $1.1 billion in 2023, a record high and twice what they were in 2022. The frequency, scope and volume of attacks were all up, as was the number of independent groups conducting the attacks, according to a report by Chainalysis.
2024 Marks the Most Active February for Ransomware Attacks in Three Years
In February 2024, global levels of ransomware attacks increased by 46% from January, with a total of 416 cases compared to 285 in the previous month, according to NCC Group's February Threat Pulse. Year-on-year, ransomware attacks continue to rise. Data from February 2024 shows that levels of ransomware attacks were up 73% from 2023 and 124% from 2022, marking a steep upward trajectory of attack volume over the last three years.
California doctors struggle to make payroll one month after ransomware attack
For a month now Sacramento dermatologist Dr. Margaret Parsons has been unable to submit insurance claims to get paid for services provided. All of her private practice’s claims go through Change Healthcare, the country’s largest network for insurance billing and the subject of a Feb. 21 cyberattack that has yet to be fully resolved.
The email phishing scams to look out for in 2024
From emails purporting to be from life insurance providers to those offering “free” subscriptions to streaming sites, every day scammers are trying to steal our cash or ID. And they can be extremely convincing.
Threats Against Judges
Tougher penalties in effect for threats against election workers in Maryland
When election judges report for duty on May 14, a new law that penalizes anyone who issues threats against them will be in effect. Maryland Gov. Wes Moore has signed into law a bill that raises the penalty from one to three years in prison for anyone who issues a threat against an election judge. The increased penalties apply if the family of an election worker is targeted, as well. Jared DeMarinis, Maryland state administrator of elections, told WTOP incidences of harassment and threats directed at election judges and election workers have increased nationally.
American Bar Association warns of increasing threats to US judges
The American Bar Association published a statement on Monday expressing alarm over the increasing threats against judges in the US. The statement cited that serious threats against judges have doubled since 2019, with 457 incidents reported in 2023. These threats often involve threats to physical safety and harm and can have a profoundly negative effect on a judge’s well-being.
Southern California Man Charged With Sending Death Threats to Orange County Judge
Federal prosecutors have secured an indictment against a former Laguna Niguel man accused of threatening to kill an Orange County Superior Court judge who presided over a family law case involving his son. A grand jury delivered a true bill Friday charging Bryom Zuniga Sanchez, 32, with two counts of making threats by interstate and foreign communication. Prosecutors say that, between May 2023 and July 2023, Zuniga sent by email and posted on Instagram multiple death threats to the unnamed judge. He also is accused of threatening police, court staff and others in the courthouse. “I am more committed to murdering you than I am to being present as a father,” Zuniga allegedly wrote to the judge’s former courtroom last July.
St. Louis judge testifies against man accused of death threat after Daniel Riley verdict
A city judge said Wednesday a threat to kill him and the jurors who convicted 22-year-old Daniel Riley of causing a crash that severed a teenager’s legs was an attempt to influence future judicial proceedings.
Foiled Assassination Plot Against Justice Kavanaugh Shows How ‘Apocalypse Politics’ Is Putting Judges’ Lives at Risk
Death threats, harassment, stalking: Are these types of violence against judges becoming the norm? “It’s part and parcel of American politics today,” a civil rights attorney who is a candidate for Fulton County judge, Robert Patillo, tells the Sun.
S.F. judge in contentious stabbing case moves hearings online following death threats
A judge who issued a suspended prison sentence to a mentally disturbed man who stabbed an elderly Asian American woman has received death threats and is now hearing cases remotely rather than going to the courthouse, the Bar Association of San Francisco said Tuesday.
Privacy Laws
The American Privacy Rights Act of 2024: A New Framework for Data Privacy
A “discussion draft” of the American Privacy Rights Act of 2024 (APRA) aims to establish a comprehensive national framework for consumer data privacy and security, introducing requirements for covered entities on data handling and consumer rights. The bipartisan bill is being driven by Senate Commerce Committee Chair Maria Cantwell and House Energy and Commerce Chair Cathy McMorris Rodgers.
Nebraska Legislature Passes Consumer Data Privacy Bill
On April 11, 2024, the Nebraska legislature passed the Nebraska Data Privacy Act (LB 1074). It now heads to Nebraska Governor Jim Pillen. Assuming the bill becomes law, Nebraska will become either the sixteenth or seventeenth state to enact consumer data privacy legislation, depending on whether Maryland’s bill, which passed the Maryland legislature last Saturday, is enacted first.
Kentucky’s New Consumer Privacy Law: Is the Privacy Grass Greener in the Bluegrass State?
With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It closely resembles other state privacy laws, in particular, Virginia’s privacy law.
Maryland Passes 2 Major Privacy Bills, Despite Tech Industry Pushback
The Maryland legislature this weekend passed two sweeping privacy bills that aim to restrict how powerful tech platforms can harvest and use the personal data of consumers and young people — despite strong objections from industry trade groups representing giants like Amazon, Google and Meta. One bill, the Maryland Online Data Privacy Act, would impose wide-ranging restrictions on how companies may collect and use the personal data of consumers in the state. The other, the Maryland Kids Code, would prohibit certain social media, video game and other online platforms from tracking people under 18 and from using manipulative techniques — like auto-playing videos or bombarding children with notifications — to keep young people glued online.
Can Florida's new digital data law tame the 'Wild West' of online privacy?
Floridians may have new privacy options this summer if you use Amazon, Facebook or Google, thanks to a new digital privacy law that goes into effect July 1. Big tech companies have had a year to prepare for the new law, which expands what’s considered personal data to include your voice, fingerprints and face. Supporters say it allows users more control over their data and how large Internet companies that make money from advertising use it.
State Consumer Privacy Laws: New Privacy Laws in Texas, Oregon, and Montana Take Effect in 2024
Beginning July 1, 2024, Texas and Oregon will join the growing list of states with active consumer privacy laws, with Montana joining them on October 1. The new laws are similar to existing state data privacy laws in that they grant protections for consumers and impose requirements on companies collecting consumer personal data. While companies whose privacy programs already comply with existing data privacy laws will not have to make significant changes, companies considering data privacy laws for the first time will need to update their privacy policies and develop and implement new processes before July 1 to comply.
Utah Governor Signs Spate of Privacy Bills into Law
Last week, Utah Governor Spencer J. Cox signed three privacy-related bills into law. The bills are focused on, respectively, protection of motor vehicle consumer data, regulations on social media companies with respect to minors, and access to protected health information by third parties. The Utah legislature appears to be focused on data-related legislation this session, as Governor Cox signed two other bills related to AI into law last week as well.
The List Grows: Kentucky Lawmakers Close in on Comprehensive Privacy Law
Kentucky may soon join the expanding list of states with comprehensive privacy laws. Kentucky House Bill 15, an act related to Kentucky consumer data privacy (KCDPA), made its way through the Kentucky Senate with a unanimous vote on March 11, 2024. The bill is back with the Kentucky House, which will now have the opportunity to sign off on minor amendments. Pending passage in the House and Governor Andy Beshear’s subsequent signature, regulated entities will have until January 1, 2026, to prepare for the KCDPA to take effect.
Vermont sets national precedent with unanimous House passage of comprehensive data privacy legislation
The Vermont House of Representatives achieved a historic milestone by unanimously passing H.121, an act relating to enhancing consumer privacy, with a resounding vote of 139 - 0. The Vermont Data Privacy Act champions crucial consumer rights. It gives people the ability for individuals to access, delete, and correct the information that businesses have about them as well as to opt out of the use of personal data for targeted advertising, data sales, and significant automated profiling decisions.