I’ve always resisted any urge to write a “worst breaches of the year” piece at the beginning of December because I just know that if I do, there’s going to be something that would be on my “worst” list if only I had waited a few weeks. The Conti ransomware attack on Leon Medical Centers…
Category: Of Note
China settles over 3,100 personal data breach cases in 2020
Xinhua reports: China’s public security agencies investigated and settled more than 3,100 criminal cases involving personal information breaches this year, with more than 9,700 suspects arrested, according to the Ministry of Public Security. By Dec 20, police across the country had dismantled more than 40 criminal gangs and arrested more than 860 suspects in 50…
FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule
Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…
UK: 21 arrests in nationwide cyber crackdown; customers of WeLeakInfo targeted
From the UK’s National Crime Agency (NCA): 21 people have been arrested across the UK as part of an operation targeting customers of an online criminal marketplace that advertised stolen personal credentials. The operation, which ran over the past five weeks, was coordinated by the National Crime Agency and involved cybercrime teams from across the…
What was just a hope a few years ago, is now a reality: more coordinated state AG actions investigating breaches
Those in the privacy law community will remember Danielle Citron’s seminal research on state attorneys general and their role in investigating privacy and data security breaches. I reported on that research back in June, 2016 on PogoWasRight.org. As those who are regular readers of this site know, there have been more announcements of multi-state settlements…
Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker
Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. In addition to monitoring his private life, including aspects of his education, when he left the house and where he went, the company followed its target from his place of work in order…