Catalin Cimpanu reports: A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. Also known as MitM (Man-in-the-Middle) phishing toolkits, these tools have become extremely popular in the cybercrime underworld in recent years after major…
Category: Commentaries and Analyses
Washington State Data Breaches in 2021 – Analysis
The Washington State Attorney General report on data breaches reported to their office in 2021 shows a significant increase over previous years. No surprise there, right? From the Executive Summary: 2021 set a new record for the highest number of data breach notices sent to Washingtonians (6.3 million). This represents approximately an 80% increase on…
2021 Year in Review: Data Breach and Cybersecurity Litigations
Kristin Bryan, Rafael Langer-Osuna, Jesse Taylor, and Katie Sharpless of Squire Patton Boggs write: 2021 was another year of high activity in the realm of data event and cybersecurity litigations with several noteworthy developments. CPW has been tracking these cases throughout the year. Read on for key trends and what to expect going into the…
Phishing victim can’t claim $5 million loss for money it never ‘held’
File this one under how-well-do-you-really-understand-your-cyberinsurance-policy. Barbara Grzincic reports: A commercial-crime insurance policy didn’t cover RealPage for a $5 million phishing loss because the property-management service provider never “held” any of the purloined money, a federal appeals court held. The 5th U.S. Circuit Court of Appeals affirmed a win for AIG’s National Union Fire Insurance Company…
Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe.
Odia Kagan of Fox Rothschild writes: A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe. According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages…
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate
Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and HHS. But the time frame for discovery and notification has resulted in a potential…