
OPM Data Breach: Federal Judge Finalizes $63 Million Settlement for 2015 Data Breach Case Victims

 

On October 14, a federal judge granted the final approval for a $63 million settlement in regard to the 2015 Office of Personnel Management (OPM) data breach, bringing an end to the seven-year-long lawsuit over one of the biggest publicly known and reported security failures by the Federal government. 
 
U.S. District Judge Amy Berman Jackson approved the settlement at a fairness hearing held at the U.S. District Court for the District of Columbia. The judge described the approved terms as “fair, reasonable, and adequate, and in the best interest of named and class members.”
 

OPM Data Breach, 2015 

 
The United States Office of Personnel Management (OPM) confirmed in June 2015 that it had experienced a series of data breaches targeting personnel records.
 
Reportedly, about 22.1 million personal records were affected in the breach, including those pertaining to government employees, other individuals who had undergone background checks, and their family and friends. 
 
The data breach is considered one of the largest breaches of government data in U.S. history. The unlawfully accessed information included victims' personally identifiable information (PII), such as their names, dates and places of birth, residential addresses, and Social Security numbers.
 
The cyber attack was carried out by state-sponsored threat actors working for the Chinese government. 
 

Terms of the settlement 

 
Prospective participants still have until December 23, after the final fairness hearing, to join the lawsuit, following which the validity of each claim will be assessed.
 
Furthermore, payouts to the claimants are expected to take place in the first or second quarter of next year, assuming there are no appeals. 
 
In accordance with the settlement terms, the prospective claimant is entitled to a minimum of $700 per claim, and a maximum of $10,000 per claim.  
 
As per Everett Kelley, national president of the American Federation of Government Employees and a plaintiff in the lawsuit, the court ruling was a “significant victory for rank-and-file federal employees.” 
 
“We look forward to continuing to educate our members whose personal information was compromised in this data breach about how they can take part in this settlement and receive the compensation they are due under the law,” Kelley said.

Court of Justice of the State of Rio Grande do Sul, Brazil Hit by REvil Ransomware

 

On 28th April 2021, the REvil ransomware group attacked the Tribunal de Justiça do Estado do Rio Grande do Sul (Court of Justice of the State of Rio Grande do Sul) in Brazil, compromising staff data and forcing the court to disable its network. Also known as Sodinokibi, REvil is a private ransomware-as-a-service operation that emerged in 2019.

The Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the judicial system of the Brazilian state of Rio Grande do Sul. The attack started on April 28th, when personnel unexpectedly found that they could no longer access any of their documents and photographs, and that ransom notes were displayed on their Windows computers.

Soon after the attack began, the verified TJRS Twitter account alerted staff not to sign in to local or remote TJ network systems.

“The TJRS reports that it faces instability in computer systems. The systems security team advises internal users not to access computers remotely, nor to log into computers within TJ’s network,” tweeted the TJRS judicial system. 

A Brazilian security analyst named Brute Bee took a screenshot that included the ransom notes, shared it with the staff of Bleeping Computer, and talked about the attack. The ransom notes are those of the REvil operation, which was responsible for the attack; Bleeping Computer has independently verified this.

“Files of TJRS could've been lost forever unless backups are available! DDoS attacks are yet to come if its victims refuse to cooperate”, added Brute Bee. 

Bleeping Computer added that the threat actors behind REvil demanded a $5,000,000 ransom to decrypt the documents and to refrain from leaking any of the data.

One individual, in a translated audio recording shared with Bleeping Computer, characterized the incident as "horrible" and "the worst thing happened there," while the IT workers experienced a "hysterical stress attack" as they scrambled to restore thousands of computers.

The Superior Court of Justice of Brazil was also targeted last November, by the RansomEXX ransomware group, which started encrypting computers in the middle of tribunal sessions held by conference call. At the same time, the domains of several other Federal government departments in Brazil went down, but it was not clear whether they had been shut down or were under attack.

Madras High Court lifts ban on TikTok but you still can’t download it

The Madurai Bench of the Madras High Court removed the interim ban on TikTok on April 24, three weeks after it had asked the government to prohibit further downloads of the popular Chinese short-video application.

TikTok allows users to create and share short videos with special effects and is one of the world’s most popular apps.

On April 3, the app was prohibited in the country because of concerns that it exposed children to pornography and other disturbing content.

The Chinese parent company had appealed to the apex court against the high court's order. Beijing Bytedance Technology Co. said the ban led to financial losses of up to US$500,000 a day and had put more than 250 jobs at risk.

Amicus Curiae Arvind Datar, appointed by the court to examine the implications of the app, argued on Wednesday that banning an application is not the solution, and rights of legitimate users must be protected.

The Supreme Court had on Monday asked the Madras High Court to decide in its hearing on Wednesday ByteDance’s plea against the latter’s interim order of banning the app.

Last week, Google and Apple removed TikTok from their app stores on the directions of the government. The app, however, is still not available for download on either Android or iOS devices. Even if you try to install it via Google Chrome from a computer, the app listing page shows an error. A report by Gadgets 360 suggests that the Madras High Court has still not officially sent the directive to the Ministry of Electronics and Information Technology. This is the reason the government hasn't been able to ask Google and Apple to make the app officially available on their app stores.

While the reason for the delay is still unknown, those who are interested in downloading the app will still have to rely on third-party websites for downloading it on Android phones. Do note that the case is still ongoing and it could be a while before the court sends the directive to the government to remove the ban on the app.