Ben Hancock discusses another strategy for responding to state hacking: trying to sue them under the CFAA, although state claims would also be needed: “It is important to consider other, complementary options,” added Hinnen, who previously dealt with national security issues as a senior lawyer at the Justice Department. “One option worth consideration is enabling…
Category: Commentaries and Analyses
Vermont Restaurant Settles Charges by Attorney General’s Office Over Credit Card Fraud
Caroline Strange reports that the Grand Buffet restaurant in Essex Junction, Vermont, has settled charges brought by the VT Attorney General’s Office following an investigation into credit card fraud that affected the restaurant’s customers. If that sounds a bit atypical to you (it did to me), it turns out that the restaurant had known there was…
Horizon Blue Cross Blue Shield Pays $1.1M For Customer Data Breach
Jerry DeMarco reports: Horizon Blue Cross Blue Shield of New Jersey agreed to pay $1.1 million and improve data-security practices to settle charges that it failed to properly protect the privacy of nearly 690,000 state policyholders whose personal information was contained on two laptops stolen from the insurer’s Newark headquarters. The insurance giant — New…
State Data Breach Notification Laws: February 2017 Privacy Update
Cynthia J. Larose and Michael B. Katz of Mintz Levin write: During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were considering new regulations or amendments to their existing security breach…
CYBERSECURITY: Actions Needed to Strengthen U.S. Capabilities
From a GAO report 17-440T released today: What GAO Found GAO has consistently identified shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve…
Open Databases a Juicy Extortion Target (and a Sitting Duck for Malicious Destruction)
I’ve reported on this concern before, but Tom Spring has a nice write-up on ThreatPost that begins: Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from…