Thomas Gerbet reports (machine translation follows): Contrary to what the Minister of Digital Transformation, Eric Caire, said, the Quebec government has never offered immunity to the computer scientist who discovered the security flaw in the VaxiCode health passport application. Exchanges of emails obtained by Radio-Canada reveal the underside of this affair and show that the…
Category: Commentaries and Analyses
Singapore adds a third bug bounty program – this time to fortify government digital services
Laura Dobberstein reports: Singapore’s governmental digital services arm, GovTech, has launched a “rewards programme” to further crowdsource tests of the nation’s cybersecurity. The Vulnerability Rewards Programme (VRP) joins the Government Bug Bounty Programme (GBBP) and the Vulnerability Disclosure Programme (VDP), all of which work alongside the government’s own security checks. Read more on The Register.
Indian companies go scot-free despite breach of customer data
Vishal Raghavan has an opinion piece in The Leaflet about the failure of Indian firms to notify customers of breaches or to be held accountable and fined monetarily by regulators. He begins by reviewing a number of high-profile breaches reported in the last year or so, and the notes that all of the companies didn’t…
Cybercriminals are holding schools ransom for billions and some are paying up
R. Dallon Adams reports: In recent months, a slew of cyberattacks hamstrung domestic meat and petroleum production and also set off a few alarms at a Florida water treatment facility. With companies willing to shell out big bucks to bring their companies back online and risk further fallout, it’s becoming increasingly clear that no sector…
Ruling Breaks New Ground For CGL Policy Data Breach Coverage Hackings
Peter Selvin of Ervin Cohen & Jessup writes: A recent case from the 5th U.S. Circuit Court of Appeals breaks new ground on the question of whether a commercial general liability policy provides coverage for damages arising from a data breach caused by a third-party hacker. Landry’s Incorporated v. Insurance Company of the State of Pennsylvania, 4…
New York State Comptroller DiNapoli Releases More School District Audits
Comptroller DiNapoli released more school district audits this week. As this site has done in the past, we are listing the ones that deal with information technology. The summaries are below; the links take you to the fuller reports, but as as always: (1) the results are not good (to put it as diplomatically as…