Brandon Vigliarolo reports: The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective. The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General…
Category: Federal
Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
There’s an update to a previously reported case. From the U.S. Attorney’s Office, Eastern District of New York, yesterday: Earlier today, in federal court in Brooklyn, United States District Judge Frederic Block sentenced Sagar Steven Singh, also known as “Weep,” to 27 months’ imprisonment for conspiracy to commit computer intrusion and aggravated identify theft. On…
Banks Want SEC to Rescind Cyberattack Disclosure Requirements
PAYMNTS reports: American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry…
Hacker who breached communications app used by Trump aide stole data from across US government
A.J. Vicens and Raphael Satter report: A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn…
Ransomware attack kept ENGlobal out of some systems for 6 weeks
Jonathan Greig reports: Officials at a large energy industry and federal government contractor were locked out of company financial systems for six weeks due to a recent ransomware attack. ENGlobal Corporation revealed the extended disruptions in an update to the U.S. Securities and Exchange Commission on Monday evening. “The cybersecurity incident limited the Company’s ability to access…
FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services
Proposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…