Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >


UK voters’ data exposed in Electoral Commission cyber-attack

  • The Commission revealed the attack was identified in October 2022 after suspicious activity was detected on its systems. A subsequent investigation found that the attackers had first accessed its servers in August 2021, the Commission reported in a notification published on August 8, 2023.
  • The malicious actors accessed “reference copies” of the electoral registers, held by the Commission for research purposes and to enable permissibility checks on political donations.
  • This contained personal data of anyone in the UK who was registered to vote between 2014 and 2022, including names and home addresses. The names of those registered as overseas voters were also exposed.
  • The register did not include information of those registered anonymously.


Cumbria Police: Officers’ names and salaries put online by error

  • The names and the salaries of every Cumbria Police officer and staff member were accidentally published online, it has emerged.
  • The force said “human error” led to information being wrongly uploaded to its website on 6 March.
  • However, personal details, including dates of birth and addresses, were among the details not released.
  • Cumbria Police said the impact of its breach was “low”, but had informed the Information Commissioner’s Office (ICO).


SESARAM confirms cyberattack and suspends non-urgent activity this Monday

  • SESARAM has just issued a statement confirming the occurrence of a “deliberate and malicious cyber-attack with the sole objective of causing damage and disrupting the normal functioning of the Regional Health Service of the Autonomous Region of Madeira”.
  • “The internal functioning of SESARAM is thus affected, compromising some areas”, underlines the same source, adding that efforts are being made “in accordance with the competent authorities, in order to overcome the current situation”.
  • According to the same source, “the incident was reported to the National Cybersecurity Center and the National Data Protection Commission and reported to the criminal police bodies with competence in the matter, forcing a thorough investigation of the hypothetical perpetrators in order to overcome the attack he was the target of”.
  • Further informs SESARAM that “due to this incident all non-urgent clinical activity will be suspended during the day of tomorrow, August 07, 2023, to consider: consultations, scheduled surgeries, clinical analyzes and complementary means of diagnosis”.


Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online

  • Police Service of Northern Ireland (PSNI) mistakenly shared sensitive data of all 10,000 serving police officers in response to a FOI request.
  • Exposed data include the names and rank of all 10,000 serving police officers. The data leaked poses a severe risk for the officials.
  • Chris Todd, PSNI’s senior information risk owner, explained that the data leak was caused by a simple human error.


Cyberattack disrupts hospital computer systems across US, hindering services

  • A cyberattack has disrupted hospital computer systems across the United States, forcing emergency rooms in several states to close and ambulances to be diverted.
  • Many primary care services remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.
  • “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible


Colorado warns 4 million of data stolen in IBM MOVEit breach

  • The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information.
  • The data breach was possible after Clop ransomware exploited the MOVEit Transfer zero-day (CVE-2023-34362) in a hacking campaign that impacted hundreds of organizations worldwide.
  • HCPF clarifies that while their systems weren’t directly compromised, the data exposure occurred through IBM, their contractor, which utilized the MOVEit software.