J. M. Porup reports: Burning malware is like Hercules fighting the nine-headed Hydra. For every head he cuts off, two more grow back in its place. That’s the lesson from a new report by Cylance today, and one both enterprise network defenders—and the public at large—should pay attention to. Cyber mercenaries sell malware to oppressive…
Category: Commentaries and Analyses
This Is What The Morrisons Data Leak Class Action Means For Future Breaches
Kate O’Flaherty reports: UK supermarket Morrisons is facing a massive payout to staff after losing the first data leak class action in the UK. It comes after Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked employee data online in 2014. Last year, a court ruled the firm was liable for his actions….
GSA Took 800 Days to Notify Some Data Breach Victims
Joseph Marks reports: It took the General Services Administration more than 800 days to notify a handful of people that it had accidentally exposed their personal information, according to an audit released Friday. In another case, the agency took six months just to determine that a data breach related to background investigation information had occurred,…
Super Micro trashes Bloomberg chip hack story in recent customer letter
Catalin Cimpanu reports: In a letter sent to customers last week, Super Micro Computer (dba Supermicro) has thrashed a Bloomberg article that claimed the company’s motherboards contained a secret chip inserted by the Chinese government for cyber-espionage purposes. “We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing…
Ca: AHS failed to protect health information, privacy commissioner finds
We had noted this breach on this site back in 2016, but here’s the follow-up. CBC reports: Alberta Health Services has come under fire from the province’s privacy commissioner for its role in the largest and longest-duration privacy breach AHS has ever experienced. The Office of the Information and Privacy Commissioner reported Wednesday that a former AHS…
ABA ethics opinion offers guidance on data breaches
Jason Tashea reports: Lawyers have to safeguard client data and notify clients of a data breach, and the ABA Standing Committee on Ethics and Professional Responsibility has issued a formal opinion that reaffirms that duty. In Formal Opinion 483, issued Tuesday, the standing committee also provided new guidance to help attorneys take reasonable steps to…