The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
Category: Commentaries and Analyses
Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…
UK: Coventry school reprimanded for data breach after IT system ‘hacked three times’
Claire Harrison reports: A Coventry school has been reprimanded for data breaches after its IT system was ‘hacked three times’. In doing so, the Information Commissioners Office has said that Finham Park Multi Academy Trust did not have adequate account lockout or password policies in place.. The ICO said, in a report, that an unauthorised third party…
Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
Just days after prosecutors in the Eastern District of Virginia recommended that Conor Fitzpatrick, aka “Pompompurin,” be sentenced to at least 15 years in prison, District Judge Leonie M. Brinkema sentenced him to time served and supervised release. As DataBreaches previously reported, Fitzpatrick, the owner of the first BreachedForums site, pleaded guilty in July to…
German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @[email protected] German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL…
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
Emma Woollacott reports: Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new search, as cyber leaders begin taking a tougher stance amid a surge in attacks. Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident…