Kartikay Mehrota reports: Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. These are two of 48 recommendations made by a task force…
Category: Commentaries and Analyses
Experian API Exposed Credit Scores of Most Americans
Brian Krebs reports: Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says…
Cancer patients in the State of Washington had their sensitive records hacked and dumped. Have they been notified?
On February 15, yours truly created an entry in the worksheet I maintain for tabulating U.S. incidents involving health data or protected health information. The entry listed “Capital Medical Center” in Washington as the breached entity, the date of disclosure as February 15, 2021, and the type of incident as a claimed ransomware attack by Avaddon…
District Court in Third Circuit Confirms That, When it Comes to Data Breaches, Actual Misuse Must be Alleged
Aaron C. Garavaglia of Squire Patton Boggs writes: Every federal lawsuit requires standing for the court to have subject matter jurisdiction to hear the case, and standing requires an injury-in-fact. As seen from our coverage this morning out of the Second Circuit. In Derrick McCray v. John E. Wetzel & President, No. 3:20-cv-139, 2021 U.S. Dist. LEXIS…
Is It Ethical To Buy Breached Data?
Gary Stevens writes: Research that’s done on malicious breaches of data presents a unique conundrum for the security professionals who are doing the investigating: should access to sets of breached raw data become available to public users and, if so, how? In light of the pandemic, the acceleration toward location-distributed work has the potential to…
In major ruling, 2nd Circuit says no circuit split on data breaches and standing
Alison Frankel reports: For years, I’ve been writing about a split among the federal circuits on whether data breach victims can establish a right to sue in federal court merely by showing that they are at increased risk of identity theft. Just a couple of months ago, when the 11th U.S. Circuit Court of Appeals held in…