As seen on the European Data Protection Board website, a decision that reminds us how broad the definition of “personal information” is in the GDPR. The monetary penalty is not large by U.S. standards (slightly more than $12,100.00), but it’s the point and notification required. Background information Date of final decision: 6 July 2022 National…
Category: Commentaries and Analyses
CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act
Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022…
Correction
On September 20, DataBreaches published a post about an alleged hack of Ask.FM data from what was described as a March, 2020 hack. Ask.FM had not replied to this site’s inquiries by the time of publication. Ask.FM replied today and reminded me that they had addressed this same claimed hack in December 2021 when this…
Bjorka, the Online Hacker Trying To Take Down the Indonesian Government
Aisyah Llewellyn reports: The first that Indonesia heard about the hacker now known as Bjorka came when news broke at the beginning of September of a massive data leak. Some 1.3 billion SIM card registration details were stolen and listed for sale on a dark web online marketplace. The data was harvested in part as…
Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund
Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms, and Jonathan M. Weiss of Proskauer write: …. Cyberattacks, by their very nature, know no borders and nor therefore should a private fund’s response The first of this two-part series considers immediate incident response steps and analyses whether to pay a ransom, from U.S.,…
Morgan Stanley to pay $35 million fee for ‘astonishing’ customer data disposal practices
Jonathan Greig reports: Morgan Stanley will pay a $35 million penalty to settle charges from the U.S. Securities and Exchange Commission for wide-ranging failures around properly disposing of hard drives and servers containing the personal information of some 15 million customers. The company did not respond to requests for comment, but the SEC said in…