Young Ha reports: A New York trial court recently ruled in a commercial general liability (CGL) policy coverage case that Zurich American Insurance Co. has no duty to defend Sony Corp. of America and Sony Computer Entertainment America in litigation stemming from the April 2011 hacking of Sony Corp.’s PlayStation online services. Ruling on the…
Category: Commentaries and Analyses
Be Careful Beating Up Target (Part 1)
Craig Carpenter of AccessData writes: A flurry of stories surfaced this week, including those in Bloomberg BusinessWeek and InformationWeek, highlighting signals of compromise that Target apparently “missed” or even “ignored”, resulting in the theft of 40 million credit card accounts. Clearly the Target breach was serious and wide-ranging, as it affected a large number of customers and even hit…
Courts Reining In What it Means to be a “Hacker” Under the Computer Fraud and Abuse Act (CFAA)
Ralph C. Losey of Jackson Lewis writes: The Computer Fraud and Abuse Act (“CFAA”) is an anti-hacker statute that prohibits unauthorized access, or the exceeding of authorized access, of computers connected to interstate commerce. 18 U.S.C. § 1030. Violators are subject to both criminal and civil liability. Employers have long taken advantage of the CFAA’s civil remedies to “sue former employees…
Ohio AG seeks harsher ID theft penalties for those victimizing service members
The AP reports: Ohio’s attorney general and two state lawmakers are pushing for harsher penalties against scammers who commit identity fraud and other theft crimes against active-duty service members and their spouses. The bill from Republican state Reps. Mike Dovilla and Terry Blair amends the current identity fraud and theft laws to increase penalties for…
Did the CIA Violate the Computer Fraud and Abuse Act by Accessing Intelligence Committee Computers?
Orin Kerr writes: Senator Feinstein recently claimed that the CIA may have violated the federal computer hacking statute, the Computer Fraud and Abuse Act, by searching computers used by the Intelligence Committee to conduct CIA oversight. Based on the facts we know so far, I’m skeptical of the claim that the CIA violated the statute. This post…
Security firm report says Target data hack was low tech
Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…