Angus Loten and James Rundle report: The Trump administration wants state and local governments to play a bigger role in protecting water utilities, ports and other critical infrastructure from cyberattacks. In an executive order signed Tuesday, President Trump directed White House senior security advisers to draw up a national resilience plan to protect critical infrastructure…
Category: Commentaries and Analyses
Attorney General James Secures $975,000 from Auto Insurance Company over Data Breach
From a March 20 press release from NY Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today secured $975,000 in penalties from Root, an auto insurance company, for failing to protect the personal information of approximately 45,000 New Yorkers. The data breach was part of an industry-wide campaign to steal consumers’…
Security Researcher Comments on HIPAA Security Rule
As long-time readers know, DataBreaches has occasionally run into difficulties when trying to helpfully notify entities of their data leaks or breaches. In other cases, independent researchers have also reported frustration with trying to get entities to respond to responsible disclosures. More often than not, initial attempts at disclosure are ignored or go to spam…
Casual White House Starlink Use Is A Cybersecurity Nightmare, A Transparency Problem, And A Weird Marketing Stunt
from the but-her-emails dept at TechDirt: Wed, Mar 19th 2025 05:26am – Karl Bode It’s best to view Elon Musk’s DOGE as an attack. While right wing propaganda (and gullible media outlets and politicians) frame DOGE as a “cost saving” effort at “improving government efficiency,” that’s just flimsy-ass cover for its real purpose: the dismantling of corporate…
The Escalating Challenge of Insider Threats
NISOS’s new blog post is on one of DataBreaches’ favorite topics — the insider threat. Here are some snippets from their blog post: The surge in insider threats is alarming. The 2024 Verizon Data Breach Investigations Report (DBIR) reveals that insider-related incidents constitute nearly 60% of all data breaches, underscoring the pressing need for robust internal security…
Australia Sues FIIG Investment Firm in Cyber ‘Wake-Up Call’
Jayant Chakravarti reports: The Australian financial regulator has filed a lawsuit against FIIG Securities, accusing the leading investment and financing company of lacking adequate cybersecurity controls to stop a threat actor from stealing confidential personal information of 18,000 customers. The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after…