Those in the privacy law community will remember Danielle Citron’s seminal research on state attorneys general and their role in investigating privacy and data security breaches. I reported on that research back in June, 2016 on PogoWasRight.org. As those who are regular readers of this site know, there have been more announcements of multi-state settlements…
Category: Of Note
Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker
Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. In addition to monitoring his private life, including aspects of his education, when he left the house and where he went, the company followed its target from his place of work in order…
CT: Attorney General Tong Resolves Data Breach Investigation of Sabre Hospitality Solutions
(Hartford, CT) – Attorney General Tong, along with the attorneys general of 27 states, has entered into a settlement with Sabre Corp. that resolves an investigation into the 2017 data breach of Sabre Hospitality Solutions’ hotel booking system. The breach exposed the data of approximately 1.3 million credit cards. The settlement requires a payment of…
SolarWinds Adviser Warned of Lax Security Years Before Hack
There will be those who say that this is not the time to look back at mistakes made, or this is not the time to point fingers while we are still in the midst of understanding the scope of a major attack and what needs to be done, but …. yes, this piece by Ryan…
Ransomware threat actors dump data from yet another k-12 district
The past few days have not been great ones for k-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of their data dumped. On December 14, this site had…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…