J. M. Porup reports: At a court hearing earlier this month, the UK’s National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused “millions of dollars in damage,” decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a…
Category: Commentaries and Analyses
BakerHostetler Data Security Incident Response Report
BakerHostetler has released its second annual data security incident response report, which is based on 300 cases they advised on last year. The report provides some statistics on causes of incidents, which industries were most affected, and what happens after a security incident is detected – from containment, to notification, to regulatory investigations and even lawsuits. A…
IRS Needs to Further Improve Controls over Financial and Taxpayer Data: GAO
The highlights of a new GAO report on the IRS: The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its…
Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA
Lucy Li of Fox Rothschild writes: HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when a ransomware attack blocks access…
Initial Release of the Information Security Primer for Evaluating Educational Software
So pleased to see this announcement from Bill Fitzgerald: One of the unspoken issues in working on security and privacy in educational software is that, while many people are passionate about privacy and security, many people don’t know how to start evaluating software or how to assess any potential risks they might uncover. One of…
FBI issues warning to law firms
Linn Foster Freedman of Robinson & Cole writes: The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting “international law firm information used to facilitate business ventures.” According to the FBI, “[T]he scheme involves a hacker compromising the law firm’s computer networks and monitoring…