Jeffrey P. Taft and Matthew Bisanz of Mayer Brown write: On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation. As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services…
Category: U.S.
‘Worst’ Ransomware Attack Hits Salisbury Police Department in Maryland
NBC Washington reports: A Maryland police department says it experienced its “worst computer network attack” in its history, after the attacker accessed its network through a longtime software vendor. Salisbury police Capt. Rich Kaiser tells The Daily Times of Salisbury that the department’s entire internal computer network was compromised Jan. 9 in a ransomware attack….
Alaska notifying at least 500,000 residents about data security breach previously disclosed in June
Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications? This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event…
Why doesn’t Twitter have a way to notify them of leaks or concerns outside of a bug bounty program?
L33tdawg writes: Twitter has owned up to a privacy goof that exposed some Android users’ private tweets. That would be bad enough if the problem existed for an hour, or a day, or a month. But unfortunately for Twitter (and affected users) the problem was present from November 3 2014 until January 14 2019. That’s…
Graeter’s: Website breach could compromise 12,000 customers’ credit card data
WLWT reports: Cincinnati-based Graeter’s ice cream has issued notices to thousands of customers: Your credit card information may be compromised. The ice cream chain sent out 12,000 notices to customers who made purchases on Graeter’s website last year, saying that an “unauthorized code” was added to the website’s checkout page. As a result, thousands of…
Valley Hope Association notifies patients after employee email hack
Note: VHA’s notice on their web site emphasizes that no diagnostic or treatment information was exposed. Given the nature of this provider, that will be a relief to many patients. Because this incident is not yet posted on HHS’s public breach tool, we do not yet have the number being notified. The following is VHA’s…