The past few days have not been great ones for k-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of their data dumped. On December 14, this site had…
Category: Commentaries and Analyses
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…
Federal financial regulators propose computer-security incident notification for banks
Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…
Maintaining privilege over forensic data-breach reports
Steven Morphy, James Shreve, and Luke Sosnicki of Thompson Coburn LLP offer some commentary on difficulties in the current climate about claiming that forensic data-breach reports are privileged. After discussing some recent decisions, they offer some takeways to help entities. The first tip is: At the most basic level, companies should involve outside counsel in…
DoppelPaymer dumps data from public school districts in Mississippi and Montana
Why ransomware threat actors go after small school districts with few resources still puzzles me. The districts may be “low-hanging fruit” from a security perspective, but they generally do not have the resources to pay big ransom demands. So why target them? My puzzlement notwithstanding, a number of ransomware teams do attack k-12 districts. DoppelPaymer…
GenRx Pharmacy Breach Notice Shows How to Do It Right
This may be one of the best breach notifications I have ever read — for its plain language, clarity, and lack of attempt to spin. Not only did these folks respond promptly to an attack, but they had usable backups, stopped the attack quickly, and just…. handled this so well, it seems. Maybe they didn’t…