Liisa Thomas, Sarah Aberg, Kari Rollins, and Katherine Boy Skipsey write: The SEC recently issued a risk alert warning about using vendors and cloud-based platforms. Many broker dealers and investment advisors are turning to these third parties to store customer data. In its alert, the SEC’s Office of Compliance Inspections and Examinations warns firms that…
Category: Commentaries and Analyses
Two hacking groups responsible for huge spike in hacked Magento 2.x stores
Catalin Cimpanu reports: Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security. This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March…
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
From Hunton Andrews Kurth: On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates. Read more…
SG: Firm fined $4k by PDPC for leak of more than 400 national servicemen’s data
Lim Min Zhang reports: A firm has been fined $4,000 by Singapore’s privacy watchdog for the leak of the personal data of more than 400 national servicemen on June 12 last year due to a technical error. The data comprised the log-in identifications, e-mail addresses, delivery addresses and mobile phone numbers of 427 men from…
And so it begins… state attorneys general investigating American Medical Collection Agency breach
From the Illinois Attorney General’s Office: Chicago — Attorney General Kwame Raoul and Connecticut Attorney General William Tong today announced an investigation into the data breach at American Medical Collection Agency, which may have exposed the personal information of nearly 12 million patients of Quest Diagnostics (Quest) and 7.7 million Laboratory Corporation of America (LabCorp) patients. Raoul…
“Achilles”, Hacker Behind Attacks on Military Shipbuilders, UNICEF & International Corporations
From AdvIntel: Executive Summary Background: “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks. Verticals: Achilles victims are primarily private sector entities; however, the actor also targeted public domains, government-affiliated companies, and international organizations….