Those in the privacy law community will remember Danielle Citron’s seminal research on state attorneys general and their role in investigating privacy and data security breaches. I reported on that research back in June, 2016 on PogoWasRight.org. As those who are regular readers of this site know, there have been more announcements of multi-state settlements…
Category: Commentaries and Analyses
GoDaddy cold-hearted phishing exercise got employees’ hopes up — only to dash them
GoDaddy really f***ed up. There’s simply no other way to put it, even though they try to justify it by saying that they mimicked real forces in play these days. On December 23, Lorraine Longhi tweeted: With the holidays around the corner, GoDaddy employees received an email last week offering some welcome financial relief: a…
Dell Wyse Thin Client scores two perfect 10 security flaws
Thomas Claburn reports: Dell, which pitches its Wyse ThinOS as “the most secure thin client operating system,” plans to publish an advisory on Monday for two security vulnerabilities that are as bad as they could possibly be. CVE-2020-29491 and CVE-2020-29492 are both critical flaws, managing a perfect (although unwelcome) CVSS score of 10 out of…
SolarWinds Adviser Warned of Lax Security Years Before Hack
There will be those who say that this is not the time to look back at mistakes made, or this is not the time to point fingers while we are still in the midst of understanding the scope of a major attack and what needs to be done, but …. yes, this piece by Ryan…
Security Firms Form the ‘Ransomware Task Force’ Hoping to Place an Embankment
Bill Toulas reports: A group of 19 large companies and experts in the field of cybersecurity have felt the need to do something tangible to stop the rise of the ransomware threat, and so they have united forces under the ‘Ransomware Task Force’ (RTF). The group has the goal of developing new technical solutions, as…
Twitter Fine: a View into the Consistency Mechanism, and “Constructive Awareness” of Breaches
Mark Young, Shona O’Donovan and Paul Maynard of Covington & Burling write about the recent news-making fine the DPC issued to Twitter. They write, in part: Process aside, the DPC’s decision contains some interesting points on when a controller is deemed to be “aware” of a personal data breach for the purpose of notifying a…