@SwiftOnSecurity kept telling everyone on Twitter that we #MUSTREAD the story of what happened at Shapeshift.io. And with good reason: it’s a phenomenal account of an insider breach told with the kind of refreshing honesty that’s often missing from breach disclosures. It also reads like a thriller. I’m going to give readers a different…
Category: Commentaries and Analyses
So does Spokeo v. Robins help plaintiffs or defendants?
I’ve read some of the commentaries on the recent U.S. Supreme Court decision in Spokeo v. Robins, as both sides claimed victory. Today, I read commentary by Venkat Balasubramani and Eric Goldman. Both seemed to suggest that the decision may be of greater benefit to defendants in data breach lawsuits than to plaintiffs. Here’s a snippet from Venkat’s…
Court rejects Jetro’s argument in attempt to recoup fines and penalties over breaches
Long-time readers will remember the Restaurant Depot/Jetro breaches reported in 2011 and 2012. It appears that Jetro tried a novel approach to recovering some of the monies the breach cost them. As Dennis S. Klein, Jeffrey B. Goldberg, and Tyler Grove of Hughes Hubbard & Reed LLP explain, the court wasn’t buying their novel argument: … To allow its customers to…
Did some disgrace besmirch “Anonymous” by hacking Turkish hospitals and leaking sensitive patient info?
The leak of more than 50 million Turkish citizens’ information in 2015 and 2016 was cause for great concern. Now Kevin Collier reports on a claimed hack involving Turkish citizens’ information that involves very sensitive personal and medical information. The hack was first reported by Hurriyet. Collier reports: A self-proclaimed member of the hacktivist group Anonymous has…
NY: Hackers hit upstate municipalities with ransomware
In the context of a ransomware story, Brian Tumulty reports: A top Justice Department official told senators at a Wednesday hearing that more than 7,600 ransomware complaints were received by the Internet Crime Complaint Center operated by the FBI between 2005 and 2015. Nearly one-third involved incidents that occurred last year alone. “Victims reported losses totaling…
130 days, 1,500 notifications: Does Dutch breach rule foreshadow GDPR?
Lokke Moerel and Alex van der Wolk write: As we write this, it is now four months since the new data breach notification law in the Netherlands went into effect. Since 1 January 2016, data controllers are obliged to notify the Dutch data protection authority (DPA) and individuals if the security of personal data has been…