Christopher Bing and Joseph Menn report: President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. […] To replace Krebs at the…
Category: Commentaries and Analyses
An Overview of Cybersecurity Law in Taiwan
John Eastwood, Nathan Snyder, Wendy Chu, David Rosenthal and Lloyd G. Roberts III of Eiger write: 1. GOVERNING TEXTS In Taiwan, there are two main branches of legislation pertaining to information security: legislation on cybersecurity and legislation protecting personal data. While the information security aspects of personal data protection legislation (mainly the PDPA) only apply…
EDPB Publishes Guidelines on Examples regarding Data Breach Notification
Hunton Andrews Kurth writes: On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The Guidelines complement the initial Guidelines on personal data breach notification under the EU General Data Protection Regulation (“GDPR”) adopted by the Article 29 Working Party in February 2018. The new draft…
CHwapi hospital hit by ransomware; operations canceled, and another city hit
Another hospital has been hit with ransomware. The following is a Google translation of a report The CHwapi, hospital center of Picardy Wallonia in Tournai, was the victim of a computer attack on Sunday evening. All non-urgent operations were canceled on Monday. No ransom demand has been demanded, according to management. The CHwapi was the…
Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services
Graham Cluley writes: The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety…
Polish DPA fines Virgin Mobile Polska €460,000: Incidental safeguards review is not regular testing of technical measures
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million (EUR 460,000) on Virgin Mobile Polska for the lack of implemented appropriate technical and organisational measures to ensure the security of the processed data. UODO stated that the company infringed the principles of data confidentiality and accountability specified in…