Charlie Osborne reports: Fortune 500 companies are losing millions of dollars due to new and sophisticated phishing scams conducted by cyberattackers, IBM has discovered. On Wednesday, researchers from IBM’s X-Force Incident Response and Intelligence Services (IRIS) team said the Business Email Compromise (BEC) scheme is currently active and is successfully targeting Accounts Payable (AP) teams…
Category: Commentaries and Analyses
AU: Immigration department reveals string of data breaches
Rohan Pearce reports: The immigration department has revealed that over the last five years it has reported 18 data breaches to the Office of the Australian Information Commission. In an answer to a question on notice from a Senate Estimates hearing earlier this year, the Department of Immigration and Border Protection (DIBP) revealed it reported…
Can Your Business be Liable for an Employee’s Intentional Data Leak?
Revision Legal has a post about insider leaks. The article starts by discussing the Morrisons case in the UK, where an employee vindictively leaked data. In a ruling that surprised many, the court held that although Morrisons was a victim of their employee, other employees who sued Morrisons could hold Morrisons liable: This creates, in…
Update on Colorado’s Proposed Privacy and Cybersecurity Legislation
David M. Stauss and Gregory Szewczyk of Ballard Spahr LLP write: As we first reported in our January 22, 2018, alert, the Colorado legislature is considering legislation that, if enacted, would significantly change Colorado privacy and data security law. On Wednesday, February 14, 2018, the bill’s sponsors submitted an amended bill that addresses issues raised by numerous stakeholders, including Ballard…
House Draft Data Security Bill Preempts Stronger State Safeguards
From EPIC.org: Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the “Data Acquisition and Technology Accountability and Security Act,” that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General…
‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers
Joseph Cox reports: Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the…