Alex Berengaut of Covington & Burling analyzes some of the legal issues raised by the indictment of Marcus Hutchins (@malwaretechblog) for allegedly creating and conspiring to sell malware known as the Kronos banking trojan. He writes, in part: Since Hutchins’ indictment, commentators have questioned whether the creation and selling of malware—without actually using the malware—violates…
Category: Commentaries and Analyses
NYS State Comptroller DiNapoli audit of City of Yonkers
Well, this sounds like an epic FAIL on the City of Yonker’s part, doesn’t it? City of Yonkers – Information Technology (Westchester County) The IT department’s acceptable computer use policy was not signed or acknowledged by all employees and city officials have also not classified personal, private and sensitive information based on its level of…
UK: Medical records of Norfolk patients found in a petrol station, a King’s Lynn restaurant and on the pavement
Tom Bristow reports: The region’s hospitals have dismissed staff and said they are tightening up how they look after patients records in the wake of the breaches. More than 650 data protection incidents were reported in the region’s NHS trusts last year, according to data obtained by this newspaper through the Freedom of Information Act….
Convicted Russian hacker cashes in on fame with new book, Putin souvenirs
Amy Kellogg reports: A convicted Belarussian cybercriminal who was part of the biggest data theft in U.S. history said it’s much easier to hack into government computers than it is to break into big banks and credit card company servers. Sergey Pavlovich, 34, also boasted that Russia had some of the best hackers in the…
Veterans group sues Pentagon after personal military records exposed
Vera Bergengruen reports: A veterans organization is suing the Pentagon for exposing private details about troops’ military service on “a truly massive scale” due to lax security on one of its websites. […] The Servicemembers Civil Relief Act website, which according to the Pentagon receives more than 2.3 billion searches a year, is mean to…
How to report a data breach under the GDPR
Conor Donnelly writes: One of the main changes under the GDPR is that all organisations must report a personal data breach to their supervisory authority within 72 hours, and in some cases to the individuals affected. What is a personal data breach? A personal data breach refers to a breach of security that can lead…