Alexander Berengaut and Tarek Austin of Covington & Burling write: In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network…
Category: Of Note
Canadian Regulator Issues Final Guidance on New Data Breach Reporting Requirements
Hunton writes: On October 29, 2018, the Office of the Privacy Commissioner of Canada (the “OPC”) released final guidance (“Final Guidance”) regarding how businesses may satisfy the reporting and record-keeping obligations under Canada’s new data breach reporting law. The law, effective November 1, 2018, requires organizations subject to the federal Personal Information Protection and Electronic…
GandCrab ransomware crew loses $1Mil after Bitdefender releases free decrypter
Score one for the good guys. Catalin Cimpanu reports: Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week. The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully…
Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks
Brian Krebs reports: The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater. Paras Jha, a 22-year-old computer…
Privacy Commissioner Expresses Serious Concern on Cathay Pacific Airways Data Breach Incident
The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG, expressed serious concern over the Cathay Pacific Airways data breach incident, noting that the incident might involve a vast amount of personal data (such as name, date of birth, passport number, Hong Kong Identity Card number, credit card number, etc) of…
ICO issues maximum £500,000 fine to Facebook for failing to protect users’ personal information
The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law. In July, the ICO issued a Notice of Intent to fine Facebook as part of a wide ranging investigation into the use of data analytics for political purposes. After considering representations from the company, the ICO has issued the…