Jeffrey P. Taft and Matthew Bisanz of Mayer Brown write: On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.1 As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services…
Category: Miscellaneous
Youth-run agency AIESEC exposed over 4 million intern applications
Zack Whittaker reports: AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password. Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month…
Ca: UCP members ‘at risk for identity theft’ after laptop stolen, expert says
Lucie Edwardson reports: The United Conservative Party‘s privacy policies are being questioned after a party laptop was stolen out of an employee’s car in a parkade. The laptop contains the names, addresses and contact information of 40,000 UCP members. Experts say the language used in the memo to inform members was confusing and didn’t answer important questions….
North Korea defector hack: Personal data of almost 1,000 leaked
BBC reports: Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said. A personal computer at the state-run centre was found to have been “infected with a malicious code”. The ministry said this is thought to be the first…
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
How Wellcome Trust Executives Got Whaled By Oldest Trick In The Fraud Playbook
Davey Winder writes: It hasn’t been the greatest week for the non-profit sector with the revelation that two well-known charities have fallen victim to less than charitable cyber con-artists. In the same week that the Save the Children Federation confirmed it had been scammed out of $1 million by email fraudsters, so the Wellcome Trust…