A recent notification by Aon had DataBreaches wondering exactly what went on with their incident response. Consider their description of what happened: What Happened? On February 25, 2022, Aon identified a cyber incident that, upon investigation, impacted a limited number of systems. Once the incident was discovered, Aon immediately retained leading cybersecurity firms to assist…
Category: Commentaries and Analyses
Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing
James Bogan III of Kilpatrick Townsend & Stockton LLP writes: Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on an issue of first impression, set out a non-exhaustive three-factor test for determining…
Food For Files: GoodWill Ransomware demands food for the poor to decrypt locked files
Waqas reports: GoodWill ransomware attackers share a three-page ransom note asking the victim to perform three tasks to get the decryption key- they want them to donate to the homeless, feed poor kids, and provide financial assistance to a patient in need. CloudSEK Threat Intelligence Research team has warned about new ransomware dubbed GoodWill Ransomware that can…
UK: Two More Nails in the Coffin for Opportunistic Data Breach Claims
Victoria Leigh of Squire Patton Boggs writes: Following on from a string of cases in 2021 concerning minor data breaches (see our earlier article here), two further cases in Q1 of 2022 have continued the trend of High Court scepticism. Such compensation claims, usually involving multiple causes of action, often find themselves trimmed down and sent…
Open source packages with millions of installs hacked to harvest AWS credentials
ITPro reports: Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials. The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat. A combined 3 million users…
FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”
Joseph Lazarrotti of JacksonLewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach…