Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack
Tuesday, September 29, 2020
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, noted that the CCSD story could get messy if parents choose to sue the district over the attack and its handling of it.
“What may be tricky is an eventual lawsuit by the victims against the school,” he said via email. “The crunchy point will be whether a failure to pay a ransom, to preclude data from being published, may be construed as a failure to remediate the damage and thus make the school civilly liable for this specific leak and its consequences. The monetary damages will, however, likely be of a nominal value as evidenced by recent litigation in the US involving similar data breaches. The best avenue will likely be a settlement, providing the students with a necessary support to negate reasonably foreseeable consequences of the data breach and exposure of their PII [personally identifiable information].” Read Full Article
ITWeb: REvil ransomware group dangles $1m carrot
Forbes: This ‘Hacker University’ Offers Dark Web Cybercrime Degrees For $125