Victoria Leigh of Squire Patton Boggs writes: Following on from a string of cases in 2021 concerning minor data breaches (see our earlier article here), two further cases in Q1 of 2022 have continued the trend of High Court scepticism. Such compensation claims, usually involving multiple causes of action, often find themselves trimmed down and sent…
Category: Commentaries and Analyses
Open source packages with millions of installs hacked to harvest AWS credentials
ITPro reports: Software developers and cyber security experts have discovered a new software supply chain hack that is attempting to harvest Amazon Web Services (AWS) cloud credentials. The compromise of two popular open-source packages – Python’s eight-year-old CTX and PHP’s phpass – has led to developers scrambling to understand their exposure to the threat. A combined 3 million users…
FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”
Joseph Lazzarotti of Jackson Lewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach…
The truth about China’s Uyghur camps Beijing is trying to hide: Hacked data reveals thousands of prisoners forced to undergo ‘re-education’… with a shoot-to-kill policy for anyone who tries to flee
Chris Pleasance reports: Thousands of photographs, spreadsheets and classified documents hacked from Chinese police servers have shed a horrifying new light on the terrors Uyghur Muslims have been subjected to in ‘re-education camps’ and prisons in Xinjiang, as part of a state-sponsored campaign aimed at ‘breaking’ their cultural identity. The treasure trove of data lays…
Malaysia: Govt must be transparent, outcome of alleged data breach probe must be made public
Zarrah Morden reports: Transparency International Malaysia (TI-M) today expressed concern over the alleged data leaks and sale of personal data belonging to Malaysians and urged the government to publicly disclose the results of police investigation into the matter. […] It also suggested that legislators study what is lacking in existing legislation, leading to solutions that…
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
Yelisey Boguslavskiy & Vitali Kremez write: On May 19, 2022, the admin panel of the Conti ransomware gang’s official website, Conti News, was shut down. The negotiations service site was also down, while the rest of the infrastructure: from chatrooms to messengers, and from servers to proxy hosts was going through a massive reset. Conti…