Commissioner for Data Protection, Helen Dixon, has today launched the Irish Data Protection Commission’s Annual Report for 2022. Highlights of the 2022 Annual report include: The DPC concluded 17 Large-Scale inquiries, with administrative fines in excess of €1billion and multiple reprimands and compliance orders imposed. Additionally, as at 31 December 2022, 4 DPC draft decisions…
Category: Commentaries and Analyses
Medusa claims responsibility for Minneapolis Public Schools’ “encryption event,” provides proof of how much data they accessed
There’s another update to the “encryption event” first disclosed by Minneapolis Public Schools (MPS) in February. As of their most recent last update, MPS had stated that they had been able to restore systems and no ransom had been paid. At that time, DataBreaches had not found any gang claiming responsibility for the breach or…
Where are the women in cyber security? On the dark side, study suggests
Brandon Vigliarolo reports: If you can’t join them, then you may as well try to beat them – at least if you’re a talented security engineer looking for a job and you happen to be a woman. As we’ve noted before, the infosec world moves at a glacial pace toward gender equity. It appears that’s…
Medicare under attack: Healthcare data breaches increase fraud risks
Melissa D. Berry reports: Stealing Medicare beneficiary identification numbers has become the latest goal for cybercriminals who see this data as even more valuable than stolen credit cards. A South Florida man pled guilty in federal court in late-January to “conspiring to buy and sell more than 2.6 million Medicare beneficiary identification numbers” and other…
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…
Cyber Plan Would Hold Software Makers Responsible in Hacks
Katrina Manson reports: The Biden administration is set to release an aggressive new national cybersecurity strategy on Thursday that seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with big technology companies. The 35-page strategy, shared in advance with a group…