Wojeski & Company
July 28, 2023
•[ ransomware, phishing, data leak ]
NY AG says Wojeski suffered a phishing-led ransomware incident that locked access to files, followed by a second breach when a vendors employee improperly accessed and exfiltrated client data. Notifications lagged by over a year. Settlement requires encryption, inventorying locations of personal data, stronger access controls, vulnerability management, and a formal IR plan; $60,000 penalty and credit monitoring for affected New Yorkers.
Government Communications Headquarters
August 24, 2022
•[ insider threat, data leak ]
Former intern admitted unauthorized transfer of top secret data from Gchq.
