Of Note – Page 26 – DataBreaches.Net

Do the Marriott cybersecurity settlements send the wrong message to CISOs, CFOs?

Posted on October 11, 2024 by Dissent

A report by Evan Schuman about recent Marriott settlements with the FTC and state attorneys general suggests that the settlements leave much to be desired. Both settlements have cybersecurity requirements, and the state settlement has a monetary component, but neither is strong enough as far as some experts are concerned. Here’s a snippet or two…

Cyber resilience act: Council adopts new law on security requirements for digital products

Posted on October 11, 2024 by Dissent

This is big. From the Council of the EU: The Council adopted today a new law on cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market (cyber resilience act). The new regulation…

National Public Data files for bankruptcy, admits ‘hundreds of millions’ potentially affected

Posted on October 9, 2024 by Dissent

Iain Thomson reports: The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting “hundreds of millions” of people were potentially affected in one of the largest information leaks of the year. In June, the hacking group USDoD put a 277.1 GB file of data online that contained information on about 2.9 billion…

Attorney General Tong Co-Leads $52 Million Multistate Settlement with Marriott for Data Breach of Starwood Guest Reservation Database

Posted on October 9, 2024 by Dissent

The following enforcement action was related to FTC action, also announced today, but is a separate settlement with states. The following press release is from Connecticut’s Attorney General: (Hartford, CT) – Attorney General Tong announced today that a coalition of 50 attorneys general, co-led by Connecticut, has reached a settlement with Marriott International, Inc. as…

FTC Takes Action Against Marriott and Starwood Over Multiple Data Breaches

Posted on October 9, 2024 by Dissent

From the Federal Trade Commission: The Federal Trade Commission will require Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a robust information security program to settle charges that the companies’ failure to implement reasonable data security led to three large data breaches from 2014 to 2020 impacting more than 344…

General Hospital Cybersecurity Requirements Take Effect in New York

Posted on October 9, 2024October 9, 2024 by Dissent

Mark Furnish and Jane M. Preston of Greenberg Traurig, LLP write: A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect Oct. 2, 2024. All general hospitals must comply with the new provisions within one year of the adoption…