WebProNews

Tag: The Record

  • Australia May Ban Ransomware Payments

    Australia May Ban Ransomware Payments

    Australia is considering a measure to ban companies from making ransomware payments to cybercriminals.

    Ransomware is one of the fastest growing cybersecurity threats, and has taken a toll on public and private organizations alike. Most government and law enforcement agencies discourage victims from paying, but The Record is reporting that Australia is considering taking it a step further.

    Australia has been hit hard by several ransomware attacks and the country is clearly trying to discourage further attacks by making it impossible for victims to pay.

    Clare O’Neil, home affairs and cybersecurity minister, confirmed to ABC that the government was considering the proposal.

  • University of Kentucky Discloses Large Data Breach

    University of Kentucky Discloses Large Data Breach

    The University of Kentucky has sent out a letter disclosing a data breach impacting some 355,000 individuals.

    UK discovered the issue during an annual cybersecurity penetration test. The breach occurred in June 2021, impacting the College of Education database, part of the university’s Digital Driver License (DDL) platform. The DDL is used by K-12 schools and other colleges, both in and outside of Kentucky, for online training and test-taking.

    UK says the database contained usernames (usually a person’s email) and passwords for some 355,000 individuals, although the university says it contained no other personal information, minimizing potential identity theft concerns.

    “The University of Kentucky has spent more than $13 million on cybersecurity in last five years alone,” said Brian Nichols, UK’s chief information officer. “We have increased cybersecurity investments and enhanced our mitigation efforts in recent years, which enabled us to discover this incident during our annual inspection process conducted by an outside entity. Although the potential for identity theft is limited, we take this incident seriously and it is unacceptable to us. As a result, we will be taking additional measures to provide even more protection going forward. UK’s chief concern is end user privacy and protection and we are making every effort to secure end user data.”

    You can read UK’s full disclosure letter, contributed by The Recordhere.

    The DDL’s primary purpose is to provide free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. The platform is also used by the university for some of its own test-taking capabilities.

    The DDL breach was discovered in early June when the university carried out scheduled penetration tests of its platforms with the help of a third party.

    The test uncovered a vulnerability in the DDL platform, which when the university investigated further it discovered that it had been exploited earlier in the year.