In December, 2020, the FTC announced a proposed settlement with Texas-based Ascension Data & Analytics after a security breach involving one of its vendors resulted in the exposure of, and unauthorized access to, consumers’ mortgage applications. One year later, the settlement received final approval, as the FTC announced on December 22: The Federal Trade Commission…
Category: Federal
Indian authorities set to tighten data breach laws in 2022
Stephen Pritchard reports: Authorities in India are set to clamp down on data breaches and tighten rules for holding sensitive data, according to local media reports. Organizations will be forced to disclose data breaches within 72 hours, bringing India in line with territories such as the EU, which mandates breach disclosures under its General Data Protection Regulation…
TSA issues security rules for rail operators
Lindsey O’Donnell-Welch reports: New cybersecurity requirements from the Transportation Security Administration (TSA) give freight railroads, passenger rail and rail transit operators a 24-hour deadline for reporting security incidents. Starting on Dec. 31, “high-risk” operators and owners across the rail sector must take a number of steps to bolster the cybersecurity of their systems. They must…
Huge fines and a ban on default passwords in new UK law
Jane Wakefield reports: The government has introduced new legislation to protect smart devices in people’s homes from being hacked. Recent research from consumer watchdog Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week. Default passwords for internet-connected devices will be banned, and firms which do…
Overview of Legislations on Cybersecurity, Personal Data Protection and Computer Misuse
The Cyber Security Agency of Singapore (CSA) had collaborated with the PDPC and Singapore Police Force (SPF) to develop a handbook covering an overview of the Cybersecurity Act, Computer Misuse Act and Personal Data Protection Act. The handbook explains the three different legislations and how they work in tandem, illustrated through examples of data breaches….
US regulators order banks to report cyberattacks within 36 hours
Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…