Russell Brandom reports: Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. By following those payments through the blockchain and comparing them against known samples, researchers were able…
Category: Commentaries and Analyses
Google Groups misconfiguration leads to sensitive data leaks
Zeljka Zorz reports: If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to “Private”. According to RedLock researchers, many companies fail to do so, most probably by accident, and end up exposing messages containing sensitive information on the…
Microsoft opens up a new front in the battle against Fancy Bear
John E. Dunn reports: Can anyone – or anything – take on well-resourced nation state hacking groups? Protected by anonymity and plausible deniability, conventional wisdom says not, but conventional wisdom ignores a company like Microsoft wielding a secret weapon with the power to hinder even the cleverest hacking group: lawyers. This, it has emerged, is…
Stick with Security: FTC to Provide Additional Insights on Reasonable Data Security Practices
From the Federal Trade Commission: As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These…
D.C. District Court Expands Government Contractors’ Exposure to Consumer Data Breach Class Actions
Michael Breslin, Christian Henel, Jon Neiditz, and Gunjan Talati of Kilpatrick Townsend & Stockton LLP write: The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the citizens’ personal information. In McDowell v. CGI Federal…
U.S. Dept. Of Education Encourages Indiana To Improve Data Security
Claire McInerny reports: The U.S. Department of Education (USED) sent a letter to Superintendent Jennifer McCormick this month outlining problems with the Indiana Department of Education’s security around student data. The state receives grant money from USED for implementing security systems, which opened the state up to an audit. According to the USED letter, the audit’s “objective…