Ralph C. Losey of Jackson Lewis writes: The Computer Fraud and Abuse Act (“CFAA”) is an anti-hacker statute that prohibits unauthorized access, or the exceeding of authorized access, of computers connected to interstate commerce. 18 U.S.C. § 1030. Violators are subject to both criminal and civil liability. Employers have long taken advantage of the CFAA’s civil remedies to “sue former employees…
Category: Commentaries and Analyses
Ohio AG seeks harsher ID theft penalties for those victimizing service members
The AP reports: Ohio’s attorney general and two state lawmakers are pushing for harsher penalties against scammers who commit identity fraud and other theft crimes against active-duty service members and their spouses. The bill from Republican state Reps. Mike Dovilla and Terry Blair amends the current identity fraud and theft laws to increase penalties for…
Did the CIA Violate the Computer Fraud and Abuse Act by Accessing Intelligence Committee Computers?
Orin Kerr writes: Senator Feinstein recently claimed that the CIA may have violated the federal computer hacking statute, the Computer Fraud and Abuse Act, by searching computers used by the Intelligence Committee to conduct CIA oversight. Based on the facts we know so far, I’m skeptical of the claim that the CIA violated the statute. This post…
Security firm report says Target data hack was low tech
Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Experian Lapse Allowed ID Theft Service Access to 200M Consumer Records – Krebs
Brian Krebs writes: In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one…
No consensus on notifying victims of data breaches, but I have a few thoughts
Eric Tucker of Associated Press reports: The data breach at Target Corp. that exposed millions of credit card numbers has focused attention on the patchwork of state consumer notification laws and renewed a push for a single national standard. Most states have laws that require retailers to disclose data breaches, but the laws vary wildly….