Issued Date: January 19, 2024 [read complete report – pdf] Audit Objective Determine whether Garrison Union Free School District (District) officials secured the District’s network user accounts, established physical controls and maintained inventory records for information technology (IT) equipment, and developed an IT contingency plan. Key Findings District officials did not adequately secure the District’s…
Category: Commentaries and Analyses
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage…
Zero-day, supply-chain attacks drove data breach high for 2023
CSO reports: Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024. A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report…
Interview with the Knight Group, the heir of Cyclops
Marco A. De Felice, aka amvinfe, writes: It happens very often nowadays to witness the sudden disappearance of ransomware groups that have been active for only a few months. In the last three years, we have counted at least twenty of them that have “vanished from the radar” of journalists and researchers. Some of these…
Current Issues In Data Breach Class Action Settlements
Mark A. Olthoff, Shundra Crumpton Manning of Polsinelli PC summarize some issues raised by recent class action decisions: Very few civil cases ever reach a jury. Nearly every lawsuit is at some point resolved by the court on motion or through settlement. Class action cases are no different, including those filed after data breach incidents….
K-12 Cybersecurity Spending, Insurance on the Rise
Government Technology reports: While school districts have a heightened awareness of cyber attacks and are increasingly improving their defense systems, most indicate that they still need dedicated personnel to better protect their data in addition to stronger collaboration from staff, according to an annual survey by the school software company Clever. Clever’s 27-page report, released this…