It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…
Category: Commentaries and Analyses
Ethical Hacker Who Claimed To Access Trump’s Twitter Account Won’t Be Criminally Charged by Dutch Prosecutor
Robert Hart reports: A hacker who claimed to have logged into President Donald Trump’s Twitter account in October will not be punished because he tried to contact American authorities and report the security breach, a Dutch prosecutor announced Wednesday following a police investigation into the incident by the country’s High Tech Crime Team. Read more on Forbes. My…
Regulatory Crackdown on Ransomware
Seetha Ramachandran, Nolan Goldberg and Hena M. Vora of Proskauer write: It is increasingly common for Ransomware attacks to be associated with large sophisticated cyber-criminal organizations, with a central entity providing the tools, training, and ability to collect ransoms and sending its “associates” out to cause harm. As long as victims continue to pay ransoms, Ransomware…
Hackers at center of sprawling spy campaign turned SolarWinds’ dominance against it
Raphael Satter and Christopher Bing have a somewhat mind-boggling update to the SolarWinds hack – a hack that will be remembered as one of the biggest and most concerning hacks of 2020. And it’s only likely to get worse for SolarWinds, whose stock already dropped significantly. We know that companies can recover from breaches and…
Data Protection Commission announces decision in Twitter inquiry
15th December 2020 The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms…
Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019
From the moment it was disclosed, it seemed clear that the Desjardins breach of 2019 that involved a rogue employee was going to cause big trouble for Desjardins. And sure enough, in one day, they were hit with two potential class action lawsuits. Desjardins subsequently announced they were expanding the mitigation services being offered, but…