From a newly released Joint Cybersecurity Advisory: SUMMARY This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure…
Category: Commentaries and Analyses
Deloitte’s $5M Data Security Deal OK Is Sought by Plaintiffs
Jake Holland reports: A $4.95 million settlement with Deloitte Consulting LLP to resolve claims it created websites with poor security should receive final approval, the plaintiffs are arguing in New York federal court. The deal is fair and provides meaningful relief to affected class members, the plaintiffs argued in a supplemental brief filed Thursday in the U.S….
MO: St. Louis Post-Dispatch reporter won’t be charged in F12 “hack” case
KMTZ reports some welcome news: A Cole County prosecutor will not file charges against a reporter from the St. Louis Post-Dispatch for the alleged data breach of the Missouri Department of Elementary and Secondary Education website. Prosecutor Locke Thompson said in a release while reviewing the case that it would not be in the best…
One year after it started, LendUs discloses that they had a breach
As you read the following press release, note that they do not tell us when they first discovered that there might have been a security breach or incident. Nor do they tell us how they first discovered it. And what’s with this “out of an abundance of caution” claim? If you can’t figure out what…
CISA Alert (AA22-040A): 2021 Trends Show Increased Globalized Threat of Ransomware
Summary In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S….
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…