Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.town/notes/9qmcovy6ntt4lhdz">Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:52:59 JST</a><a href="https://infosec.town/@mttaggart" title="mttaggart@infosec.town"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Taggart :donor:" style="position: absolute; left: 0; top: 0;">Taggart :donor:</a><div><a href="https://infosec.town/notes/9qmcjni6cjastaz1" rel="in-reply-to">in reply to</a></div></section><article><p>Secondly, a keyword attack scanned our network for any file or folder that used certain sensitive keywords in its naming convention, such as ‘passport’ or ‘confidential’, and copied files not just from our corporate networks but also from drives used by staff for personal purposes as permitted under the Library’s Acceptable Use of IT Policy. This policy, and the staff education that accompanies it, will be reviewed in the light of lessons learned from the cyber-attack. The files and folders copied in this way represent around 40% of the copied documents. Oh really? It's going to be reviewed?<br><br>Tell you a secret about non-profits, schools, and cultural institutions. Their PII policies are ridiculously lax. And also? Most PCI compliance...isn't.<br><br>These places are rife with sensitive data (like, say, <b>donor information</b>) that is incredibly valuable to attackers.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2805661#notice-5565220">In conversation</a><time datetime="2024-03-09T18:52:59+09:00" title="Saturday, 09-Mar-2024 18:52:59 JST">about a year ago</time> <span>from <span><a href="https://infosec.town/notes/9qmcovy6ntt4lhdz" rel="external" title="Sent from infosec.town via ActivityPub">infosec.town</a></span></span><a href="https://infosec.town/notes/9qmcovy6ntt4lhdz">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:52:59 JST Taggart :donor:
in reply to
Secondly, a keyword attack scanned our network for any file or folder that used certain sensitive keywords in its naming convention, such as ‘passport’ or ‘confidential’, and copied files not just from our corporate networks but also from drives used by staff for personal purposes as permitted under the Library’s Acceptable Use of IT Policy. This policy, and the staff education that accompanies it, will be reviewed in the light of lessons learned from the cyber-attack. The files and folders copied in this way represent around 40% of the copied documents. Oh really? It's going to be reviewed?

Tell you a secret about non-profits, schools, and cultural institutions. Their PII policies are ridiculously lax. And also? Most PCI compliance...isn't.

These places are rife with sensitive data (like, say, donor information) that is incredibly valuable to attackers.
In conversationabout a year ago from infosec.townpermalink

Public

Embed Notice

HTML Code

Corresponding Notice