Daniel Kagan of Murtha Cullina cuts to the chase: On February 16, 2018, the U.S. Supreme Court denied certiorari to review CareFirst’s appeal of the U.S. Court of Appeals, D.C. Circuit’s decision in Attias v. Carefirst, Inc., 865 F.3d 620 (D.C. Cir. 2017). The D.C. Circuit held that the threat of harm from a data breach…
Category: Commentaries and Analyses
Higher Ed Users Are Less Susceptible to Phishing Scams
Meghan Bogardus Cortez reports: University end users are pretty good at identifying a scam. Only 10 percent of simulated phishing emails sent to users at education institutions were successful, a new study from Wombat Security Technologies reports. The company monitored tens of millions of simulated phishing attacks sent over the course of a year through…
Phishing schemes net hackers millions of dollars from Fortune 500
Charlie Osborne reports: Fortune 500 companies are losing millions of dollars due to new and sophisticated phishing scams conducted by cyberattackers, IBM has discovered. On Wednesday, researchers from IBM’s X-Force Incident Response and Intelligence Services (IRIS) team said the Business Email Compromise (BEC) scheme is currently active and is successfully targeting Accounts Payable (AP) teams…
AU: Immigration department reveals string of data breaches
Rohan Pearce reports: The immigration department has revealed that over the last five years it has reported 18 data breaches to the Office of the Australian Information Commission. In an answer to a question on notice from a Senate Estimates hearing earlier this year, the Department of Immigration and Border Protection (DIBP) revealed it reported…
Can Your Business be Liable for an Employee’s Intentional Data Leak?
Revision Legal has a post about insider leaks. The article starts by discussing the Morrisons case in the UK, where an employee vindictively leaked data. In a ruling that surprised many, the court held that although Morrisons was a victim of their employee, other employees who sued Morrisons could hold Morrisons liable: This creates, in…
Update on Colorado’s Proposed Privacy and Cybersecurity Legislation
David M. Stauss and Gregory Szewczyk of Ballard Spahr LLP write: As we first reported in our January 22, 2018, alert, the Colorado legislature is considering legislation that, if enacted, would significantly change Colorado privacy and data security law. On Wednesday, February 14, 2018, the bill’s sponsors submitted an amended bill that addresses issues raised by numerous stakeholders, including Ballard…