From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND …
Italy’s DPA Fines Data Processor for Information Security Failures
Odia Kagan of Fox Rothschild writes: Caveat Data Processor. Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures. Service providers should ensure that the data entrusted to them by their data controller customers is adequately protected. Read more on Privacy…
MD Anderson ousts 3 scientists over concerns about Chinese data theft
Todd Ackerman reports: MD Anderson Cancer Center is ousting three scientists in connection with concerns China is trying to steal U.S. scientific research, the first such publicly disclosed punishments since federal officials directed some institutions to investigate specific professors in violation of granting agency policies. MD Anderson took the actions after receiving e-mails last year…
WSU to pay up to $4.7 million for data theft involving 1.2 million people
Breaches that involve health data generally will cost you more. Asia Fields reports: Washington State University learned a costly lesson after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Now, the university is going to have to pay even more. In a…
Source code of Iranian cyber-espionage tools leaked on Telegram
Hell hath no fury like a vengeful insider, Wednesday edition. Catalin Cimpanu reports: In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten. The hacking tools are nowhere near…
EU: No evidence of Kaspersky spying despite ‘confirmed malicious’ classification
Catalin Cimpanu reports: In a document published today, the European Commission has revealed that they don’t have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017. The document was the Commission’s reply to a series of questions submitted by Gerolf Annemans,…