Zack Whittaker reports: Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states. For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted…
Month: December 2020
Helena Public Schools notifies some employees after burglar snatched USB with their timesheets
Helena Public Schools recently notified some current and former employees involved in the after-school student program that their data was on a stolen USB drive. According to their notification letter, on September 28, 2020, the district discovered that the Lincoln Elementary School building had been burglarized over the previous weekend. Among several items that were…
Federal financial regulators propose computer-security incident notification for banks
Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…
Maintaining privilege over forensic data-breach reports
Steven Morphy, James Shreve, and Luke Sosnicki of Thompson Coburn LLP offer some commentary on difficulties in the current climate about claiming that forensic data-breach reports are privileged. After discussing some recent decisions, they offer some takeaways to help entities. The first tip is: At the most basic level, companies should involve outside counsel in…
DoppelPaymer dumps data from public school districts in Mississippi and Montana
Why ransomware threat actors go after small school districts with few resources still puzzles me. The districts may be “low-hanging fruit” from a security perspective, but they generally do not have the resources to pay big ransom demands. So why target them? My puzzlement notwithstanding, a number of ransomware teams do attack K-12 districts. DoppelPaymer…
GenRx Pharmacy Breach Notice Shows How to Do It Right
This may be one of the best breach notifications I have ever read — for its plain language, clarity, and lack of attempt to spin. Not only did these folks respond promptly to an attack, but they had usable backups, stopped the attack quickly, and just…. handled this so well, it seems. Maybe they didn’t…