Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…
Author: Dissent
UK: ‘Human error’ let criminals hack SEPA’s systems with £42m unaccounted for
David Bol reports: Scotland’s auditor general has revealed that a huge cyber attack on the Scottish Environmental Protection Agency (Sepa) was carried out after “human error” allowed criminals to access systems. Sepa suffered a huge ransomware attack on Christmas Eve in 2020 which led to around 1.2GB of data, amounting to at least 4,000 files,…
SEC’s breach notification proposal one step closer to a final vote
Tonya Riley reports: The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers…
Ransomware dev releases Egregor, Maze master decryption keys
Lawrence Abrams reports: The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. […] Fast forward 14 months later, and the decryption keys for these operations have now been leaked in the BleepingComputer forums by a user named ‘Topleak’ who claims to be…
NIST Publishes Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products
Micaela McMurrough, Ashden Fein, and Matthew Harden of Covington and Burling write: On February 4, 2022, the National Institute of Standards and Technology (“NIST”) published its Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products (“IoT Criteria”). The IoT Criteria make recommendations for cybersecurity labeling for consumer IoT products, in other words, for IoT…
Georgia voter info posted online after breach of software company
Mark Niesse reports: A data breach of the voting software company EasyVote Solutions exposed Georgia voters’ registration information on the internet, the company confirmed Tuesday. Public information about voters was posted to an online forum, but the breach didn’t involve Social Security numbers or driver’s license numbers, said Charles Davis, chief financial officer for EasyVote. Voter…